mail/mailman: security update to 2.1.37
f05ee16987d1
Actions

Description

mail/mailman: security update to 2.1.37

A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)

LP: A crafted URL to the user options page can execute arbitrary

javascript.

A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403)

LP: The CSRF token for the admindb page contains an encrypted version of

the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.

MFH: 2021Q4
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332

Provenance

mandree

Authored on Nov 13 2021, 10:27 AM

Parents

Branches

Unknown

Tags

Unknown

Path

Size

mail/

mailman/