Package: python3-django-postorius
Version: 1.3.4-2
Severity: important
Tags: upstream

Dear Maintainer,

There is a new upstream (and patches to this version) available, to address security issue CVE-2021-40347. This vulnerability allows any logged-in user to unsubscribe any user from any list. Version 1.3.5 fixes the issue; plus a patch was posted to the mailman3 mailing list.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-cloud-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-django-postorius depends on:
ii  fonts-glyphicons-halflings  1.009~3.4.1+dfsg-2
ii  libjs-bootstrap4            4.5.2+dfsg1-8
ii  libjs-jquery                3.5.1+dfsg+~3.5.5-7
ii  libjs-sphinxdoc             3.5.4-2
ii  node-html5shiv              3.7.3+dfsg-3
ii  python3                     3.9.2-3
ii  python3-cmarkgfm            0.4.2-1+b3
ii  python3-django              2:2.2.24-1
ii  python3-django-mailman3     1.3.5-2
ii  python3-mailmanclient       3.3.2-1
ii  python3-readme-renderer     24.0-3
ii  sphinx-rtd-theme-common     0.5.1+dfsg-1

Versions of packages python3-django-postorius recommends:
ii  mailman3-web  0+20200530-2

python3-django-postorius suggests no packages.

-- no debconf information