[Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed update for mailman via buster-pu

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0779e8f by Salvatore Bonaccorso at 2021-11-22T13:12:23+01:00
Track proposed update for mailman via buster-pu

- - - - -
1137946c by Salvatore Bonaccorso at 2021-11-22T13:12:55+01:00
Add tracking bug for CVE-2021-4333{1,2}/mailman

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2803,13 +2803,13 @@ CVE-2021-43334
 CVE-2021-43333
        RESERVED
 CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the 
Cgi/admindb.py ad ...)
-       - mailman <removed>
+       - mailman <removed> (bug #1000367)
        [buster] - mailman <no-dsa> (Minor issue)
        [stretch] - mailman <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/mailman-annou...@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
        NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
 CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the 
Cgi/options.py user ...)
-       - mailman <removed>
+       - mailman <removed> (bug #1000367)
        [buster] - mailman <no-dsa> (Minor issue)
        [stretch] - mailman <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/mailman-annou...@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -88,3 +88,7 @@ CVE-2019-1010319
        [buster] - wavpack 5.1.0-6+deb10u1
 CVE-2021-35604
        [buster] - mariadb-10.3 1:10.3.32-0+deb10u1
+CVE-2021-43331
+       [buster] - mailman 1:2.1.29-1+deb10u3
+CVE-2021-43332
+       [buster] - mailman 1:2.1.29-1+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/197cacb9c2e062a56af7d5b7b0697c48284c9309...1137946c9185dc40ecb36cfdecef5bca238bfe7e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/197cacb9c2e062a56af7d5b7b0697c48284c9309...1137946c9185dc40ecb36cfdecef5bca238bfe7e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits