Activity log for bug #1952384

Date Who What changed Old value New value Message
2021-11-26 03:16:55 Mark Sapiro bug added bug
2021-11-26 03:16:55 Mark Sapiro attachment added Patch to fix this issue. https://bugs.launchpad.net/bugs/1952384/+attachment/5543451/+files/patch.txt
2021-11-30 05:16:07 Mark Sapiro cve linked 2021-44227
2021-11-30 17:49:01 Mark Sapiro description A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page. A moderator or list member can get an admindb or options page with a CSRF token and use that token in a crafted POST request to the admin page to change the list admin password or other settings and convince an admin to submit the POST. Likewise, a list member can do the same with a POST to the admindb page to handle requests.
2021-11-30 17:55:04 Launchpad Janitor branch linked lp:mailman/2.1
2021-11-30 18:34:38 Mark Sapiro mailman: status In Progress Fix Released
2021-11-30 18:35:09 Mark Sapiro information type Private Security Public Security