Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

python3-django-postorius: CVE-2021-40347 New upstream to fix security bug

Related Vulnerabilities: CVE-2021-40347  

Source

Debian Bug report logs - #993746
python3-django-postorius: CVE-2021-40347 New upstream to fix security bug

version graph

Package: src:1.3.4-2; Maintainer for src:1.3.4-2 is (unknown);

Reported by: Peter Chubb <peter.chubb@unsw.edu.au>

Date: Sun, 5 Sep 2021 21:33:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version 1.3.4-2/1.2.4-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>:
Bug#993746; Package python3-django-postorius. (Sun, 05 Sep 2021 21:33:03 GMT) (full text, mbox, link).

Acknowledgement sent to Peter Chubb <peter.chubb@unsw.edu.au>:
New Bug report received and forwarded. Copy sent to Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>. (Sun, 05 Sep 2021 21:33:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Peter Chubb <peter.chubb@unsw.edu.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python3-django-postorius: CVE-2021-40347 New upstream to fix security bug
Date: Mon, 06 Sep 2021 07:28:39 +1000
Package: python3-django-postorius
Version: 1.3.4-2
Severity: important
Tags: upstream

Dear Maintainer,

There is a new upstream (and patches to this version) available, to address 
security issue CVE-2021-40347.  This vulnerability allows any logged-in-user
to unsubscribe any user from any list.

Version 1.3.5 fixes the issue; plus a patch was posted to the 
mailman3 mailing list.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-cloud-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-django-postorius depends on:
ii  fonts-glyphicons-halflings  1.009~3.4.1+dfsg-2
ii  libjs-bootstrap4            4.5.2+dfsg1-8
ii  libjs-jquery                3.5.1+dfsg+~3.5.5-7
ii  libjs-sphinxdoc             3.5.4-2
ii  node-html5shiv              3.7.3+dfsg-3
ii  python3                     3.9.2-3
ii  python3-cmarkgfm            0.4.2-1+b3
ii  python3-django              2:2.2.24-1
ii  python3-django-mailman3     1.3.5-2
ii  python3-mailmanclient       3.3.2-1
ii  python3-readme-renderer     24.0-3
ii  sphinx-rtd-theme-common     0.5.1+dfsg-1

Versions of packages python3-django-postorius recommends:
ii  mailman3-web  0+20200530-2

python3-django-postorius suggests no packages.

-- no debconf information

Bug reassigned from package 'python3-django-postorius' to 'src:1.3.4-2'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 06 Sep 2021 12:54:02 GMT) (full text, mbox, link).

No longer marked as found in versions postorius/1.3.4-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 06 Sep 2021 12:54:02 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream and security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 06 Sep 2021 12:54:03 GMT) (full text, mbox, link).

Marked as found in versions 1.3.4-2/1.2.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 06 Sep 2021 12:54:03 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Sep 6 16:20:40 2021; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started