AVG-2485

Package mailman
Status Fixed
Severity Medium
Type multiple issues
Affected 2.1.34-2
Fixed 2.1.35-1
Current 2.1.38-1 [community]
Ticket None
Created Thu Oct 21 08:35:50 2021

Issue CVE-2021-42097
Severity Medium
Remote Yes
Type Cross-site request forgery
Description GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value...

Issue CVE-2021-42096
Severity Medium
Remote Yes
Type Private key recovery
Description GNU Mailman before 2.1.35 may allow remote privilege escalation. A certain csrf_token value is derived from the admin password, and may be useful in...