CVE-2021-35057 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Private key recovery
Description	A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable if you can send a request from a approved IP listed in MAILMAN_ARCHIVER_FROM.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2003	hyperkitty	1.3.4-2	1.3.5-1	Medium	Fixed

References
https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security https://gitlab.com/mailman/hyperkitty/-/issues/387 https://gitlab.com/mailman/hyperkitty/-/merge_requests/354 https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271

References

https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security
https://gitlab.com/mailman/hyperkitty/-/issues/387
https://gitlab.com/mailman/hyperkitty/-/merge_requests/354
https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271