Subject: CVS commit: pkgsrc/mail/mailman
From: Greg Troxel
Date: 2024-08-27 18:56:57
Message id: 20240827165657.D9616FC74@cvs.NetBSD.org

Log Message:
mail/mailman: Update to 2.1.39

Welcome to December, 2021.

packaging changes: Adapt to excessively complicated and hard-to-deal
with upstream URLs.

Upstream NEWS:

2.1.39 (13-Dec-2021)

  Bug Fixes and other patches

    - User matching for CSRF tokens is no longer case sensitive, and a
      potential NameError in logging is fixed.  (LP: #1954694)

2.1.38 (30-Nov-2021)

  Security

    - A potential CSRF attack against a list admin from a list member or
      moderator has been blocked.  CVE-2021-44227  (LP: #1952384)

  Bug Fixes and other patches

    - NotAMemberError exception from the user options page when the user has
      been asynchronously unsubscribed is fixed.  (LP: #1951769)

2.1.37 (12-Nov-2021)

  Bug Fixes and other patches

    - A bug in the fix for CVE-2021-43332 has been fixed.  (LP: #1950833)

2.1.36 (12-Nov-2021)

  Security

    - A potential XSS attack via the user options page has been reported by
      Harsh Jaiswal.  This is fixed.  CVE-2021-43331 (LP: #1949401)

    - A potential for a list moderator to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
      CVE-2021-43332 (LP: #1949403)

Files:
Revision  Action  File
1.3       modify  pkgsrc/mail/mailman/DESCR
1.100     modify  pkgsrc/mail/mailman/Makefile
1.32      modify  pkgsrc/mail/mailman/distinfo