=== cpaelzer_ is now known as cpaelzer
sarnold | fungi: https://ubuntu.com/security/CVE-2021-42097 now shows the correct status :) thanks for the report | 20:36 |
ubottu | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42097> | 20:36 |
fungi | sarnold: yep, noticed that earlier today. thanks again for all the hard work! | 21:00 |
sarnold | fungi: woot :) it was all others, not me, I'm just pushing buttons :) | 21:01 |
fungi | even tracking these things is work ;) | 21:02 |
=== LordOfThePings is now known as Hash