Your message dated Tue, 13 Sep 2016 17:44:53 +0000
with message-id <[email protected]>
and subject line Bug#835970: fixed in mailman 1:2.1.23-1
has caused the Debian Bug report #835970,
regarding mailman: CVE-2016-6893: CSRF protection needs to be extended to the
user options page
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
835970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835970
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mailman
Version: 1:2.1.15-1
Severity: important
Tags: security upstream patch
Forwarded: https://bugs.launchpad.net/mailman/+bug/1614841

Hi,

the following vulnerability was published for mailman.

CVE-2016-6893[0]:
CSRF protection needs to be extended to the user options page

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6893
[1] https://bugs.launchpad.net/mailman/+bug/1614841

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mailman
Source-Version: 1:2.1.23-1

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Sep 2016 16:01:59 +0000
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.23-1
Distribution: unstable
Urgency: medium
Maintainer: Mailman for Debian <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
mailman - Powerful, web-based mailing list manager
Closes: 835970
Changes:
mailman (1:2.1.23-1) unstable; urgency=medium
.
* New upstream release.
- Fixes CSRF in user options (CVE-2016-6893, closes: #835970).
--- End Message ---