GNU Mailman

GNU Mailman 2.1.36

Milestone information

Project:: GNU Mailman

Series:: 2.1

Version:: 2.1.36

Released:: 2021-11-12

Registrant:: Mark Sapiro

Release registered:: 2021-11-12

Active:: Yes. Drivers can target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: 2 Mark Sapiro

Blueprints:: No blueprints are targeted to this milestone.

Bugs:: 2 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
mailman-2.1.36.tgz (md5, sig)	Release tarball	75 last downloaded 8 days ago
Total downloads:		75

Release notes

2.1.36 (12-Nov-2021)

Security

- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)

    - A potential for for a list moderator to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
      CVE-2021-43332 (LP: #1949403)

Changelog

This release does not have a changelog.

0 blueprints and 2 bugs targeted

Bug report				Importance	Assignee	Status
1949401	#1949401	Potential XSS attack via the user options page.		4 Medium	Mark Sapiro	10 Fix Released
1949403	#1949403	A vulnerability could allow a list moderator to discover the admin password.		1 Undecided	Mark Sapiro	10 Fix Released

Related milestones and releases

This milestone contains Public information

Everyone can see this information.