Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2021-11-20 22:50:39 by Thomas Merkel | Files touched by this commit (3)
Log message:
Pullup ticket #6534 - requested by bsiegert
mail/mailman: security fix

Revisions pulled up:
- mail/mailman/Makefile                                         1.95
- mail/mailman/PLIST                                            1.31
- mail/mailman/distinfo                                         1.31

---
   Module Name:    pkgsrc
   Committed By:   tm
   Date:           Tue Oct 26 18:42:55 UTC 2021

   Modified Files:
           pkgsrc/mail/mailman: Makefile PLIST distinfo

   Log message:
   mail/mailman: Update to 2.1.35

   2.1.35 (19-Oct-2021)
     Security
       - A potential for for a list member to carry out an off-line brute force
         attack to obtain the list admin password has been reported by Andre
         Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
         CVE-2021-42096  (LP:#1947639)
       - A CSRF attack via the user options page could allow takeover of a users
         account.  This is fixed.  CVE-2021-42097  (LP:#1947640)
     Bug Fixes and other patches
       - Fixed an issue where sometimes the wrapper message for DMARC mitigation
         Wrap Message has no Subject:.  (LP: #1915655)
       - Plain text message bodies with Content-Disposition: and no declared
         charset are no longer scrubbed.  (LP: #1917968)
       - CommandRunner now recodes message bodies in the charset of the user's
         or list's language to avoid a possible UnicodeError when including the
         message body in the reply.  (LP: #1921682)
       - Delivery disabled by bounce notices to admins now have 'disabled'
         properly translated.  (LP: #1922843)
       - DMARC policy discovery ignores domains with multiple DMARC records per
         RFC 7849,  (LP: 1931029)

Next | Query returned 1 messages, browsing 1 to 10 | previous