------------------------------------------------------------ revno: 1878 fixes bug: https://launchpad.net/bugs/1950833 committer: Mark Sapiro <m...@msapiro.net> branch nick: 2.1 timestamp: Fri 2021-11-12 15:23:52 -0800 message: Fix admindb for list with no mod password. modified: Mailman/CSRFcheck.py Mailman/Cgi/admindb.py NEWS
-- lp:mailman/2.1 https://code.launchpad.net/~mailman-coders/mailman/2.1 Your team Mailman Checkins is subscribed to branch lp:mailman/2.1. To unsubscribe from this branch go to https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/CSRFcheck.py' --- Mailman/CSRFcheck.py 2021-10-18 23:56:42 +0000 +++ Mailman/CSRFcheck.py 2021-11-12 23:23:52 +0000 @@ -45,7 +45,7 @@ for context in contexts: key, secret = mlist.AuthContextInfo(context, user) - if key: + if key and secret: break else: return None # not authenticated === modified file 'Mailman/Cgi/admindb.py' --- Mailman/Cgi/admindb.py 2021-11-03 19:04:49 +0000 +++ Mailman/Cgi/admindb.py 2021-11-12 23:23:52 +0000 @@ -59,7 +59,8 @@ else: ssort = SSENDER -AUTH_CONTEXTS = ((mm_cfg.AuthListModerator,)) +AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin, + mm_cfg.AuthSiteAdmin) === modified file 'NEWS' --- NEWS 2021-11-11 19:08:02 +0000 +++ NEWS 2021-11-12 23:23:52 +0000 @@ -5,6 +5,12 @@ Here is a history of user visible changes to Mailman. +2.1.37 (12-Nov-2021) + + Bug Fixes and other patches + + - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833) + 2.1.36 (12-Nov-2021) Security
_______________________________________________ Mailman-checkins mailing list -- mailman-checkins@python.org To unsubscribe send an email to mailman-checkins-le...@python.org https://mail.python.org/mailman3/lists/mailman-checkins.python.org/ Member address: arch...@jab.org