File CVE-2021-43332-crack_admin_passwd.patch of Package mailman.24378

=== modified file 'Mailman/CSRFcheck.py'
---
 Mailman/CSRFcheck.py   |    2 +-
 Mailman/Cgi/admindb.py |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/Mailman/CSRFcheck.py
+++ b/Mailman/CSRFcheck.py
@@ -45,7 +45,7 @@ def csrf_token(mlist, contexts, user=Non
 
     for context in contexts:
         key, secret = mlist.AuthContextInfo(context, user)
-        if key:
+        if key and secret:
             break
     else:
         return None     # not authenticated
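Review bot: The trailing comment on the `else` branch, `# not authenticated`, no longer matches the condition that reaches it. With `if key and secret:` the function returns None whenever no context in `contexts` yields both a key and a non-empty secret. I would change it to `return None     # no context with a usable secret` and add `# never derive a token from an empty secret` above the new check. Whether every caller treats a None token as a failed check cannot be seen here, because the body of csrf_token continues outside the hunk.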
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -59,8 +59,8 @@ if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTT
 else:
     ssort = SSENDER
 
-AUTH_CONTEXTS = (mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin,
-                 mm_cfg.AuthListModerator)
+AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin,
+                 mm_cfg.AuthSiteAdmin)
 
 
 
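Review bot: The order of `AUTH_CONTEXTS` is now security-relevant, but nothing at the definition says so. csrf_token(), changed in the same patch, breaks on the first context that has both a key and a secret. Putting `mm_cfg.AuthListModerator` first therefore presumably keeps the admindb token from being derived from the list admin password when a moderator password is set, which is the exposure the patch name refers to. A comment such as `# Order matters: csrf_token() uses the first context with a secret, so keep the least-privileged context first (CVE-2021-43332).` would stop a later tidy-up from silently reverting the fix. The diffstat covers only these two files, so it is worth confirming that any other CGI module passing a context tuple to csrf_token() uses a comparable order.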