Package : mailman
CVE ID : CVE-2020-12108 CVE-2020-15011 CVE-2021-42096 CVE-2021-42097
Several vulnerabilities were discovered in mailman, a web-based mailing
list manager, which could result in arbitrary content injection via the
options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.
For the oldstable distribution (buster), these problems have been fixed
in version 1:2.1.29-1+deb10u2.
We recommend that you upgrade your mailman packages.