Public bug reported:
The fix for CVE-2021-42097 requires that the user submitting a user
options form match the user in the CSRF token submitted with the form,
but the match is case sensitive and should not be.
There is also a potential NameError exception in logging a mismatch.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
https://bugs.launchpad.net/bugs/1954694
Title:
CSRF check for user tokens should not be case sensitive.
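
The two problems named in the report, as an added illustration that is not Mailman's code: the token format, `SECRET`, `make_token` and both check functions are hypothetical. It assumes addresses that differ only in letter case identify the same user.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("csrf_example")
SECRET = b"constructed-demo-secret"  # constructed value; a real key is random and private


def _mac(user: str) -> str:
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def make_token(user: str) -> str:
    """Bind a token to a user as '<user>:<hex HMAC of user>' (hypothetical format)."""
    return f"{user}:{_mac(user)}"


def check_case_sensitive(token: str, form_user: str) -> bool:
    """Behaviour the report describes: the user must match byte for byte."""
    token_user, _, mac = token.rpartition(":")
    valid = hmac.compare_digest(mac.encode(), _mac(token_user).encode())
    return valid and token_user == form_user


def check_case_insensitive(token: str, form_user: str) -> bool:
    """Verify the MAC over the user as issued, then compare users with case folded."""
    token_user, _, mac = token.rpartition(":")
    if not hmac.compare_digest(mac.encode(), _mac(token_user).encode()):
        log.warning("CSRF token failed integrity check")
        return False
    if token_user.lower() != form_user.lower():
        # Both names are assigned before this point, so the mismatch log
        # line cannot raise NameError on the rejection path.
        log.warning("CSRF user mismatch: token=%r form=%r", token_user, form_user)
        return False
    return True


if __name__ == "__main__":
    tok = make_token("User@Example.com")  # constructed sample address
    print(check_case_sensitive(tok, "user@example.com"))
    print(check_case_insensitive(tok, "user@example.com"))
```

Folding case only at comparison time keeps the MAC tied to the exact string that was issued, so changing the case of the user inside the token still invalidates it.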