------------------------------------------------------------
revno: 1878
fixes bug: https://launchpad.net/bugs/1950833
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Fri 2021-11-12 15:23:52 -0800
message:
Fix admindb for list with no mod password.
modified:
Mailman/CSRFcheck.py
Mailman/Cgi/admindb.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/CSRFcheck.py'
--- Mailman/CSRFcheck.py 2021-10-18 23:56:42 +0000
+++ Mailman/CSRFcheck.py 2021-11-12 23:23:52 +0000
@@ -45,7 +45,7 @@
for context in contexts:
key, secret = mlist.AuthContextInfo(context, user)
- if key:
+ if key and secret:
break
else:
return None # not authenticated
=== modified file 'Mailman/Cgi/admindb.py'
--- Mailman/Cgi/admindb.py 2021-11-03 19:04:49 +0000
+++ Mailman/Cgi/admindb.py 2021-11-12 23:23:52 +0000
@@ -59,7 +59,8 @@
else:
ssort = SSENDER
-AUTH_CONTEXTS = ((mm_cfg.AuthListModerator,))
+AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin,
+ mm_cfg.AuthSiteAdmin)
�
=== modified file 'NEWS'
--- NEWS 2021-11-11 19:08:02 +0000
+++ NEWS 2021-11-12 23:23:52 +0000
@@ -5,6 +5,12 @@
Here is a history of user visible changes to Mailman.
+2.1.37 (12-Nov-2021)
+
+ Bug Fixes and other patches
+
+ - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833)
+
2.1.36 (12-Nov-2021)
Security
_______________________________________________
Mailman-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-checkins.python.org/
Member address: [email protected]
