Hey Moritz, Moritz Muehlenhoff wrote:
On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote:Moritz Muehlenhoff wrote:This was assigned CVE-2021-33038: https://gitlab.com/mailman/hyperkitty/-/issues/380Patch is here: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804faThanks a lot for reporting the security bug! I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will open an unblock request for Bullseye as soon as the package hit the archive. Do you want to take care of preparing an upload to buster-security or shall I prepare that one as well?Please do! Version number should be 1.2.2-1+deb10u1
Done now. The sources for 1.2.2-1+deb10u1 can be found hier: https://salsa.debian.org/mailman-team/hyperkitty/-/tree/debian/buster-security Will you handle the upload or shall I upload to buster-security as well? Kind regards jonas
OpenPGP_signature
Description: OpenPGP digital signature

