=== cpaelzer_ is now known as cpaelzer
[20:36] <sarnold> fungi: https://ubuntu.com/security/CVE-2021-42097 now shows the correct status :) thanks for the report
[20:36] <ubottu> GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42097>
[21:00] <fungi> sarnold: yep, noticed that earlier today. thanks again for all the hard work!
[21:01] <sarnold> fungi: woot :) it was all others, not me, I'm just pushing buttons :)
[21:02] <fungi> even tracking these things is work ;)
=== LordOfThePings is now known as Hash