2021-11-20 21:50:39 UTC pkgsrc-2021Q3

Pullup ticket #6534 - requested by bsiegert
mail/mailman: security fix

Revisions pulled up:
- mail/mailman/Makefile                                        1.95
- mail/mailman/PLIST                                            1.31
- mail/mailman/distinfo                                        1.31

---
  Module Name:    pkgsrc
  Committed By:  tm
  Date:          Tue Oct 26 18:42:55 UTC 2021

  Modified Files:
          pkgsrc/mail/mailman: Makefile PLIST distinfo

  Log Message:
  mail/mailman: Update to 2.1.35

  2.1.35 (19-Oct-2021)
    Security
      - A potential for a list member to carry out an off-line brute force
        attack to obtain the list admin password has been reported by Andre
        Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
        CVE-2021-42096  (LP:#1947639)
      - A CSRF attack via the user options page could allow takeover of a user's
        account.  This is fixed.  CVE-2021-42097  (LP:#1947640)
    Bug Fixes and other patches
      - Fixed an issue where sometimes the wrapper message for DMARC mitigation
        Wrap Message has no Subject:.  (LP: #1915655)
      - Plain text message bodies with Content-Disposition: and no declared
        charset are no longer scrubbed.  (LP: #1917968)
      - CommandRunner now recodes message bodies in the charset of the user's
        or list's language to avoid a possible UnicodeError when including the
        message body in the reply.  (LP: #1921682)
      - Delivery disabled by bounce notices to admins now have 'disabled'
        properly translated.  (LP: #1922843)
      - DMARC policy discovery ignores domains with multiple DMARC records per
        RFC 7849.  (LP: 1931029)

(tm)