File _patchinfo of Package patchinfo.24378
<patchinfo incident="24378">
  <issue tracker="bnc" id="1192735">VUL-0: CVE-2021-43331: mailman: XSS in Cgi/options.py</issue>
  <issue tracker="bnc" id="1192741">VUL-0: CVE-2021-43332: mailman: a list moderator can crack the list admin password encrypted in a CSRF token</issue>
  <issue tracker="bnc" id="1191959">VUL-0: CVE-2021-42096: mailman: remote privilege escalation in GNU Mailman before 2.1.35 via csrf_token derived from admin password</issue>
  <issue tracker="bnc" id="1193316">VUL-0: CVE-2021-44227: mailman: In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request</issue>
  <issue tracker="cve" id="2021-43331"/>
  <issue tracker="cve" id="2021-42096"/>
  <issue tracker="cve" id="2021-43332"/>
  <issue tracker="cve" id="2021-44227"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for mailman</summary>
  <description>This update for mailman fixes the following issues:

- CVE-2021-44227: Prevented a list moderator or list member from accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Prevented a list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Added protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).
</description>
</patchinfo>