[Mailman-Users] Mailman 2.1 security release

2021-11-12 Thread Mark Sapiro
I am pleased to announce the release of Mailman 2.1.36. This is a security release. It fixes https://bugs.launchpad.net/mailman/+bug/1949401 CVE-2021-43331 and https://bugs.launchpad.net/mailman/+bug/1949403 CVE-2021-43332. The former of these could allow an XSS attack against the user

[Mailman-Users] Mailman 2.1 security release

2021-11-06 Thread Mark Sapiro
Two new security issues have been reported in Mailman 2.1. These have been given the IDs CVE-2021-43331 and CVE-2021-43332. I plan to release 2.1.36 with full details this Friday, November 12. At that time the vulnerabilities will be made public and patches will also be made available.

[Mailman-Users] Mailman 2.1 security release

2021-10-11 Thread Mark Sapiro
A couple of vulnerabilities have recently been reported. Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and helping with the development of a fix. CVE-2021-42096 could allow a list member to discover the list admin password. CVE-2021-42097 could allow a