Package: sympa; Maintainer for sympa is Debian Sympa team <sympa@packages.debian.org>; Source for sympa is src:sympa (PTS, buildd, popcon).
Reported by: "Stefan Hornburg (Racke)" <racke@linuxia.de>
Date: Mon, 24 Feb 2020 10:21:02 UTC
Severity: critical
Tags: patch, security, upstream
Found in versions sympa/6.2.40~dfsg-1, sympa/6.2.40~dfsg-3
Reply or subscribe to this bug.
View this report as an mbox folder, status mbox, maintainer mbox
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
[sympa-6.2.52-sa-2020-001.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, attachment)]
Marked as found in versions sympa/6.2.40~dfsg-1.
Request was from "Stefan Hornburg (Racke)" <racke@linuxia.de>
to control@bugs.debian.org
.
(Mon, 24 Feb 2020 11:51:02 GMT) (full text, mbox, link).
Added tag(s) upstream and security.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 24 Feb 2020 21:09:03 GMT) (full text, mbox, link).
Changed Bug title to 'sympa: CVE-2020-9369: Security flaws in CSRF prevention' from 'Security flaws in CSRF prevention'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 24 Feb 2020 21:09:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.