GNU Mailman 2.1.36
Milestone information
- Project:
- GNU Mailman
- Series:
- 2.1
- Version:
- 2.1.36
- Released:
- Registrant:
- Mark Sapiro
- Release registered:
- Active:
- Yes. Drivers can target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 2 Mark Sapiro
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 2 Fix Released
Download files for this release
Release notes
2.1.36 (12-Nov-2021)
Security
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-
Changelog
This release does not have a changelog.
0 blueprints and 2 bugs targeted
Bug report | Importance | Assignee | Status | |||
---|---|---|---|---|---|---|
1949401 | #1949401 | Potential XSS attack via the user options page. | 4 Medium | Mark Sapiro | 10 Fix Released | |
1949403 | #1949403 | A vulnerability could allow a list moderator to discover the admin password. | 1 Undecided | Mark Sapiro | 10 Fix Released |