AVG-2485 log

| Package | mailman |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.1.34-2 |
| Fixed | 2.1.35-1 |
| Current | Removed |
| Ticket | None |
| Created | Thu Oct 21 08:35:50 2021 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-42097 | Medium | Yes | Cross-site request forgery | GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value... |
| CVE-2021-42096 | Medium | Yes | Private key recovery | GNU Mailman before 2.1.35 may allow remote privilege escalation. A certain csrf_token value is derived from the admin password, and may be useful in... |