A patch to fix this which is applicable to Mailman >= 2.1.15 and <= 2.1.22 is attached here. This fix has also been released as part of Mailman 2.1.23.
** Attachment added: "Patch for CVE-2016-6893" https://bugs.launchpad.net/mailman/+bug/1614841/+attachment/4732645/+files/patch_CVE-2016-6893 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1614841 Title: CSRF protection needs to be extended to the user options page To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1614841/+subscriptions _______________________________________________ Mailman-coders mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-coders
