| === cpaelzer_ is now known as cpaelzer | ||
| sarnold | fungi: https://ubuntu.com/security/CVE-2021-42097 now shows the correct status :) thanks for the report | 20:36 |
|---|---|---|
| ubottu | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42097> | 20:36 |
| fungi | sarnold: yep, noticed that earlier today. thanks again for all the hard work! | 21:00 |
| sarnold | fungi: woot :) it was all others, not me, I'm just pushing buttons :) | 21:01 |
| fungi | even tracking these things is work ;) | 21:02 |
| === LordOfThePings is now known as Hash | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!