Description: "An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d393c76a9277f3d09e57e0a7aecdf56c64ac469 commit 8d393c76a9277f3d09e57e0a7aecdf56c64ac469 Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2021-09-28 08:42:30 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2021-09-28 08:42:30 +0000 net-mail/postorius: add 1.3.5, enable py3.9, enable tests Bug: https://bugs.gentoo.org/812853 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> net-mail/postorius/Manifest | 1 + net-mail/postorius/postorius-1.3.5.ebuild | 48 +++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+)
Thank you! Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba8e8975c9fa92c30adf5bbf78594852ae2f2af8 commit ba8e8975c9fa92c30adf5bbf78594852ae2f2af8 Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2021-09-29 20:07:33 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2021-09-29 20:07:33 +0000 net-mail/postorius: drop 1.3.3 Bug: https://bugs.gentoo.org/812853 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> net-mail/postorius/Manifest | 1 - net-mail/postorius/postorius-1.3.3.ebuild | 32 ------------------------------- 2 files changed, 33 deletions(-)
Thank you!