[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted sympa 6.2.16~dfsg-3+deb9u4 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Nov 2020 12:12:41 +0100
Source: sympa
Binary: sympa
Architecture: source
Version: 6.2.16~dfsg-3+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 sympa      - Modern mailing list manager
Closes: 908165 972189
Changes:
 sympa (6.2.16~dfsg-3+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Ask the user whether they want/need sympa_newaliases-wrapper to
     be setuid root (CVE-2020-26880 mitigation).
   * CVE-2018-1000671: Sympa contains a CWE-601: URL Redirection to
     Untrusted Site ('Open Redirect') vulnerability in The "referer"
     parameter of the wwsympa.fcgi login action. that can result in Open
     redirection and reflected XSS via data URIs. (Closes: #908165)
   * Document dropping deprecated CGI mode. (Closes: #972189)
Checksums-Sha1:
 dd43fccfa7e0d29df91fe2e32efb96a370245afd 2160 sympa_6.2.16~dfsg-3+deb9u4.dsc
 a24d3f5c613ecc33f4786af3ee16987591152798 177052 sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 7484dfa53ff89a78d37399ca3d651554aaed440e 7333 sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo
Checksums-Sha256:
 419d002b5faa01886f410af613223f056bb5236a6ae7c19d1f27088add160f93 2160 sympa_6.2.16~dfsg-3+deb9u4.dsc
 318042e6de74568ae463986c64524696f9e3b019ed9325dd3688a97050336239 177052 sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 81336f37e3ca6d849428c14ee5a60c01328ee80adf014629ef1071fb1a8169e8 7333 sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo
Files:
 eb9ed7f45aca01e7f1380853a0eed82a 2160 mail optional sympa_6.2.16~dfsg-3+deb9u4.dsc
 819a5c4c57185d8d5a7061a643f71ac4 177052 mail optional sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 ce5e683d6f409ddcb0022f8724ad7b4c 7333 mail optional sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl+pMFYACgkQj/HLbo2J
BZ+s9Af+PwGeV9zJSL+PvdRsOzUAnSPi2X91x5SMxWMbba8xP0ZIOpAeegZO9q5R
horzvYzG9QS9tvA9eMbW2gZLCltyUmJb+YfwNuQKRDMppw5J4j4kUJNwN2cvPHtW
5Hyt++5ATw4gHVz7Bvlzf1jHHlcwDBIwajB+AHUQi5latTbp+XVYBjP638IyyBRy
Wz2efZRVj6FWiccoIxdcuSJeY1h6rdsHO4zTVjS2WU2MEf6G7KCiC2ZEJKhbBCS1
rheret37GVtER3oStq6U/MwKi8FXESVmhtmV1F2ZsFgnVP0eA+bYurRrtWUYkXDU
Q5FtpcJy70s674AsZTVLVHrSKi2PZw==
=SxCV
-----END PGP SIGNATURE-----


Reply to: