1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4970-1] postorius security update

    From Moritz Muehlenhoff@21:1/5 to All on Thu Sep 9 20:00:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4970-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : postorius
    CVE ID : CVE-2021-40347

    Kevin Israel discovered that Postorius, the administrative web frontend
    for Mailman 3, didn't validate whether a logged-in user owns the email
    address when unsubscribing.

    For the oldstable distribution (buster), this problem has been fixed
    in version 1.2.4-1+deb10u1.

    For the stable distribution (bullseye), this problem has been fixed in
    version 1.3.4-2+deb11u1.

    We recommend that you upgrade your postorius packages.

    For the detailed security status of postorius please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/postorius

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmE6SCEACgkQEMKTtsN8 TjZTrA//T49YDDDMjC9w/YOAMAyfHUK+5rPfg+CwBVkUIuUaLVswfHWmBi6nmgML xkDB8n6EggieLrk2bSJFGCzsQBGszkDlrHEnTSskPEZzZUD+rR7bm58Z9RPyxIZI 7D4jXrVaH6u9Dbtph0mpaWuBv8cpYV0647HM3fU0SiLP3W0Y0mikxNd0FqDTv4yb ePdJLOpZTbYl2Ib3CZYAuPV5e9MxSFUGCM5hYvSkAkdD28PiMgiSna3sw0hpdc+V HvnAiPNmeW/3DF2niL59Z4Km1YhH1zMfATRd5SvNV/m9Y2J/+n9PbhvI7Neu1gLs E+mOLdefQCMvW4zOVTrBxxLhMafTBeIkIikfLrXUOTQg2BPsm1fLIkCTc9Be+3UV hz1nhQ60TRdGayGgo4U2zRrw94bnBP1gE3JjOOjg1n09+oinF9v2S0+Hk8gMnUaq dcIu7OIZcl9+yRKeO9/j7KGDdF5+B4VX+BRhHGgoic8LBcufHsZcgXcqu5mkeZNM cl0A826UwpbZIM0TlRNj78fJJV21EhqvVpKS3MJ9989DLuH+vFwa//gInI8Xvho7 F41/B7ZmKuPZbVV5L6SFXE56NWeWn5UqtwvSN3bD42AQYp5PcxS8n1IMsQoRSLHy cv6mIr3iOtaF9Y9b5gxsT9mS9rLbMWEmHwydoCUH3nJdz8k4O6I=
    =xYF1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)