Your message dated Sat, 17 Sep 2016 17:17:34 +0000
with message-id <e1bljf8-0006do...@franck.debian.org>
and subject line Bug#835970: fixed in mailman 1:2.1.18-2+deb8u1
has caused the Debian Bug report #835970,
regarding mailman: CVE-2016-6893: CSRF protection needs to be extended to the user options page
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
835970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mailman
Version: 1:2.1.15-1
Severity: important
Tags: security upstream patch
Forwarded: https://bugs.launchpad.net/mailman/+bug/1614841

Hi,

the following vulnerability was published for mailman.

CVE-2016-6893[0]:
CSRF protection needs to be extended to the user options page

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6893
[1] https://bugs.launchpad.net/mailman/+bug/1614841

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mailman
Source-Version: 1:2.1.18-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 835...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 Sep 2016 07:47:56 +0200
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.18-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Mailman for Debian <pkg-mailman-hack...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description:
 mailman    - Powerful, web-based mailing list manager
Closes: 835970
Changes:
 mailman (1:2.1.18-2+deb8u1) jessie-security; urgency=high
 .
   * CVE-2016-6893: Fix CSRF vulnerability associated in the user options page
     which could allow an attacker to obtain a user's password. (Closes: #835970)


--- End Message ---