• Accepted mailman 1:2.1.29-1+deb10u3 (source) into oldstable-proposed-up

    From Debian FTP Masters@21:1/5 to All on Tue Nov 30 21:50:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 20 Nov 2021 15:17:30 +0100
    Source: mailman
    Architecture: source
    Version: 1:2.1.29-1+deb10u3
    Distribution: buster
    Urgency: medium
    Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Closes: 1000367
    Changes:
    mailman (1:2.1.29-1+deb10u3) buster; urgency=medium
    .
    * Non-maintainer upload by the Security Team.
    * Potential XSS attack via the user options page (CVE-2021-43331)
    (Closes: #1000367)
    * A list moderator can crack the list admin password encrypted in a CSRF
    token (CVE-2021-43332) (Closes: #1000367)
    Checksums-Sha1:
    7f5840ea075baffd8146ddcd58ca7def3d44c9b4 2238 mailman_2.1.29-1+deb10u3.dsc
    894ef361cfbfaa2aa197842cfdee70cec0e7db41 102272 mailman_2.1.29-1+deb10u3.debian.tar.xz
    Checksums-Sha256:
    2ad868bbb08a1fffa4268a6d47a632681469c1e9fcd08dd4fdbd2abcdab56a24 2238 mailman_2.1.29-1+deb10u3.dsc
    12a81077a71da232b922b5a30337933f493f0e5cb8c58d38e72c0920aa56e5e0 102272 mailman_2.1.29-1+deb10u3.debian.tar.xz
    Files:
    c330708c4ed894fcf0e2caacf3b64598 2238 mail optional mailman_2.1.29-1+deb10u3.dsc
    ee0969c52a29cbab6e28e31d09f0588d 102272 mail optional mailman_2.1.29-1+deb10u3.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmGbh3JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtcEP/j1bAD3Z0l80kLe5EPoB4YriwEjoQrzw VxlQBLDZi/w3kCk8ZCPwt+9EQYv3ypR6Wm5EeFalK++aMstat56yx8VmxIuDTbF/ 6cw+Tfi8W8Ba7bKOpxnNuT4Omkqi/GOikdDTEM1t3XEquBg7xblwpjFfO8x6DDo8 Z7tyGlAM2M+TH768kuaQBNBGgnvDvVLIcXfv5VghqB9+iR+RSg9sLs4BCqj96fnf FTnGkwLKVjB3+ZfD8GE3gJAnl461Xui5z4JKNhrJxlrcsw7d25FOi1ZKRO+IsNZV u7Qn/G07V5opcbbGPhEr1WASNPylwYcX+VlZVDCpAb8cXJGSOh7YhQX9pmf7hwc0 le4kieOYhxhCfKq7udWNMduRCkisPG2rEIgZ4MhD5ZXoPN/r3A7GSdsQqcI4SP60 wwOEwQZpDQsIaS1IvDmOaocMXXqSBo5huVLpZlPcbJRHrkBVHuuBaW0ohg/0h6p5 mR5Zi3QDMc1VJ1cfWfmkaJgcMmpvbLJJjGej7Cv3y98uY4XSopsGtzDjIzOKrqds nzVzXcAxByPuKr3eO4al3TfbG4KumYDirXL3znIHyVautZZoU10JAW3BEomPZuIp V4x2swjt6MtePlUCp9yZdJWrxHWk0uEUrp04b4sJ3hPRkb671L3ZmRfWu5lER4ly
    YCEbYRp9oi2F
    =sfBC
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)