Debian Security Advisory 4970-1

Debian Security Advisory 4970-1: Posted Sep 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4970-1 - Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.; tags | advisory, web; systems | linux, debian; advisories | CVE-2021-40347; SHA-256 | d0c0d8c9e3c781e6faf36980659196a409ce5700fd69a57831a82485c7e65a85; Download | Favorite | View

Debian Security Advisory 4970-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4970-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 09, 2021                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postorius
CVE ID         : CVE-2021-40347

Kevin Israel discovered that Postorius, the administrative web frontend
for Mailman 3, didn't validate whether a logged-in user owns the email
address when unsubscribing.

For the oldstable distribution (buster), this problem has been fixed
in version 1.2.4-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 1.3.4-2+deb11u1.

We recommend that you upgrade your postorius packages.

For the detailed security status of postorius please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postorius

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmE6SCEACgkQEMKTtsN8
TjZTrA//T49YDDDMjC9w/YOAMAyfHUK+5rPfg+CwBVkUIuUaLVswfHWmBi6nmgML
xkDB8n6EggieLrk2bSJFGCzsQBGszkDlrHEnTSskPEZzZUD+rR7bm58Z9RPyxIZI
7D4jXrVaH6u9Dbtph0mpaWuBv8cpYV0647HM3fU0SiLP3W0Y0mikxNd0FqDTv4yb
ePdJLOpZTbYl2Ib3CZYAuPV5e9MxSFUGCM5hYvSkAkdD28PiMgiSna3sw0hpdc+V
HvnAiPNmeW/3DF2niL59Z4Km1YhH1zMfATRd5SvNV/m9Y2J/+n9PbhvI7Neu1gLs
E+mOLdefQCMvW4zOVTrBxxLhMafTBeIkIikfLrXUOTQg2BPsm1fLIkCTc9Be+3UV
hz1nhQ60TRdGayGgo4U2zRrw94bnBP1gE3JjOOjg1n09+oinF9v2S0+Hk8gMnUaq
dcIu7OIZcl9+yRKeO9/j7KGDdF5+B4VX+BRhHGgoic8LBcufHsZcgXcqu5mkeZNM
cl0A826UwpbZIM0TlRNj78fJJV21EhqvVpKS3MJ9989DLuH+vFwa//gInI8Xvho7
F41/B7ZmKuPZbVV5L6SFXE56NWeWn5UqtwvSN3bD42AQYp5PcxS8n1IMsQoRSLHy
cv6mIr3iOtaF9Y9b5gxsT9mS9rLbMWEmHwydoCUH3nJdz8k4O6I=
=xYF1
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4970-1

Debian Security Advisory 4970-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4970-1

Share This

Debian Security Advisory 4970-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems