Overview

Request 927815 accepted

- Update to 2.1.35 to fix 2 security issues:
  - A potential for a list member to carry out an off-line brute force
    attack to obtain the list admin password has been reported by Andre
    Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
    CVE-2021-42096 (boo#1191959, LP:#1947639)
  - A CSRF attack via the user options page could allow takeover of a user's
    account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640)
- Add reproducible.patch to use fixed build date in mailman-config
  to make package build reproducible (boo#1047218)

Request History
bmwiedemann (Bernhard Wiedemann) created request



factory-auto (Factory Auto) accepted review

Check script succeeded


maintbot (Maintenance Bot) accepted review

ok


licensedigger (Saul Goodman) accepted review

ok


licensedigger (Saul Goodman) approved review

ok


msmeissn (Marcus Meissner) moved maintenance target to openSUSE:Maintenance:17121


msmeissn (Marcus Meissner) accepted request

accepted request 927815: Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
