Package: mailman Version: 1:2.1.29-1+deb10u2 Severity: important Hi!
Mailman 2.1.36 an 2.1.37 have been released to fix CVE-2021-43331 (XSS) and CVE-2021-43332 (moderator can discover admin password): https://mail.python.org/archives/list/mailman-annou...@python.org/thread/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ Can you update the packages for Debian buster (and ideally for stretch LTS, too)? Thank you for maintaining the package, this has been very helpful. Best Regards, Thomas Arendsen Hein -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-18-amd64 (SMP w/32 CPU cores) Locale: LANG=en_US.utf-8, LC_CTYPE=en_US.utf-8 (charmap=UTF-8), LANGUAGE=en_US.utf-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mailman depends on: pn apache2 | httpd <none> ii cron [cron-daemon] 3.0pl1-134+deb10u1 ii debconf [debconf-2.0] 1.5.71+deb10u1 ii libc6 2.28-10 ii logrotate 3.14.0-4 ii lsb-base 10.2019051400 ii python 2.7.16-1 ii python-dnspython 1.16.0-1+deb10u1 ii ucf 3.0038+nmu1 Versions of packages mailman recommends: ii postfix [mail-transport-agent] 3.4.14-0+deb10u1 Versions of packages mailman suggests: pn listadmin <none> ii lynx 2.8.9rel.1-3+deb10u1 pn mailman3-full <none> pn spamassassin <none> -- Thomas Arendsen Hein <tho...@intevation.de> OpenPGP key: https://intevation.de/~thomas/thomas_pgp.asc (0xD45DE28FF3A2250C) Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998 Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner