Activity log for bug #1954694
Date | Who | What changed | Old value | New value | Message |
---|---|---|---|---|---|
2021-12-13 18:02:26 | Mark Sapiro | bug | added bug | ||
2021-12-13 18:10:00 | Mark Sapiro | description | The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. | The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. There is also a potential NameError exception in logging a mismatch. | |
2021-12-13 18:16:13 | Mark Sapiro | attachment added | Patch to fix this issue. https://bugs.launchpad.net/mailman/+bug/1954694/+attachment/5547352/+files/patch.txt | ||
2021-12-13 20:39:53 | Launchpad Janitor | branch linked | lp:mailman/2.1 | ||
2021-12-13 20:57:02 | Mark Sapiro | mailman: status | In Progress | Fix Released | |
2022-01-18 06:26:23 | Ant Phyo Hlyand Tun | mailman: assignee | Mark Sapiro (msapiro) | Ant Phyo Hlyand Tun (antphyo) | |
2022-01-18 16:30:42 | Mark Sapiro | mailman: assignee | Ant Phyo Hlyand Tun (antphyo) |