Debian Linux Security Advisory 4107-1 - It was discovered that the webhook validation of Anymail, a Django email backends for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.
72744935de785760401d98987bbeaabfb711ae71d0beb335b3b768cca5382140