[20:10] <fungi> i'm assuming the answer is probably "yes" so sorry if this is being asked for the 10th time today, but are CVE-2021-42096 and CVE-2021-42097 for mailman 2.1 already on somebody's radar? looks like the lp bugs include directly backportable patches, but i don't see any mention in the ubuntu security tracker...
[20:10] <fungi> https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
[20:13] <sarnold> fungi: I think you're the first, and I don't see them in our database yet
[20:14] <fungi> thanks sarnold! also, i hate being first :/
[20:15] <fungi> luckily it's all python, so we'll probably just end up hand-patching our servers for those, but now that it's made the rounds on the oss-sec ml i figure there's going to be others looking closer
[20:44] <sbeattie> fungi: sorry, which lp bugs?
[20:45] <clarkb> I think https://bugs.launchpad.net/mailman/+bug/1947639 and https://bugs.launchpad.net/mailman/+bug/1947640. The patch for both is apparently the same.
[20:45] <sarnold> https://bugs.launchpad.net/mailman/+bug/1947639 and https://bugs.launchpad.net/mailman/+bug/1947640
[20:45] <sarnold> sbeattie: I've added these to uct
[21:00] <sbeattie> thanks
[21:42] <fungi> yep those, sorry stepped away to attend to a hot wok for a while
[21:42] <fungi> the ones linked from the ml post
[21:43] <fungi> thanks for the quick attention!
[22:42] <sbeattie> mailman/bionic is building in https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/