"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "NEWS" between
mailman-2.1.35.tgz and mailman-2.1.36.tgz

About: Mailman 2 - The GNU Mailing List Management System.

NEWS  (mailman-2.1.35.tgz):NEWS  (mailman-2.1.36.tgz)
-*- coding: iso-8859-1 -*- -*- coding: iso-8859-1 -*-
Mailman - The GNU Mailing List Management System Mailman - The GNU Mailing List Management System
Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Here is a history of user visible changes to Mailman. Here is a history of user visible changes to Mailman.
2.1.36 (12-Nov-2021)
Security
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
2.1.35 (19-Oct-2021) 2.1.35 (19-Oct-2021)
Security Security
- A potential for for a list member to carry out an off-line brute force - A potential for for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-42096 (LP:#1947639) CVE-2021-42096 (LP: #1947639)
- A CSRF attack via the user options page could allow takeover of a users - A CSRF attack via the user options page could allow takeover of a users
account. This is fixed. CVE-2021-42097 (LP:#1947640) account. This is fixed. CVE-2021-42097 (LP: #1947640)
Bug Fixes and other patches Bug Fixes and other patches
- Fixed an issue where sometimes the wrapper message for DMARC mitigation - Fixed an issue where sometimes the wrapper message for DMARC mitigation
Wrap Message has no Subject:. (LP: #1915655) Wrap Message has no Subject:. (LP: #1915655)
- Plain text message bodies with Content-Disposition: and no declared - Plain text message bodies with Content-Disposition: and no declared
charset are no longer scrubbed. (LP: #1917968) charset are no longer scrubbed. (LP: #1917968)
- CommandRunner now recodes message bodies in the charset of the user's - CommandRunner now recodes message bodies in the charset of the user's
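Review bot: The added CVE-2021-43332 entry in the 2.1.36 Security section reads "A potential for for a list moderator", carrying over the doubled "for" from the 2.1.35 CVE-2021-42096 entry it mirrors; drop the extra word in both places. The two entries differ only in "list moderator" versus "list member", so a reader cannot tell from the text how they relate; a clause in the new entry saying whether it is a separate exposure or a follow-up to the earlier fix would help admins decide whether having upgraded to 2.1.35 is sufficient. Both new entries end with "This is fixed." without naming the affected page or credential handling that changed, and a short pointer would make the note more useful for anyone auditing a local patch set. The unchanged header still shows "Copyright (C) 1998-2020" under a release dated 12-Nov-2021, which is worth updating in the same change. The "LP:#" to "LP: #" normalization on the two 2.1.35 references is consistent with the rest of the file and needs no further change.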
 End of changes. 3 change blocks. 
2 lines changed or deleted 14 lines changed or added
