---
- branch: pkgsrc-2021Q3
  date: Sat Nov 20 21:50:39 UTC 2021
  files:
  - new: 1.94.8.1
    old: '1.94'
    path: pkgsrc/mail/mailman/Makefile
    pathrev: pkgsrc/mail/mailman/Makefile@1.94.8.1
    type: modified
  - new: 1.30.10.1
    old: '1.30'
    path: pkgsrc/mail/mailman/PLIST
    pathrev: pkgsrc/mail/mailman/PLIST@1.30.10.1
    type: modified
  - new: 1.28.10.1
    old: '1.28'
    path: pkgsrc/mail/mailman/distinfo
    pathrev: pkgsrc/mail/mailman/distinfo@1.28.10.1
    type: modified
  id: 20211120T215039Z.ee2a2e9c8b54eb68e01bd559fd03ac718851e77b
  log: |
    Pullup ticket #6534 - requested by bsiegert
    mail/mailman: security fix

    Revisions pulled up:
    - mail/mailman/Makefile 1.95
    - mail/mailman/PLIST 1.31
    - mail/mailman/distinfo 1.31

    ---
    Module Name: pkgsrc
    Committed By: tm
    Date: Tue Oct 26 18:42:55 UTC 2021

    Modified Files:
    pkgsrc/mail/mailman: Makefile PLIST distinfo

    Log Message:
    mail/mailman: Update to 2.1.35

    2.1.35 (19-Oct-2021)

    Security
    - A potential for a list member to carry out an off-line brute force
      attack to obtain the list admin password has been reported by
      Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
      CVE-2021-42096 (LP:#1947639)
    - A CSRF attack via the user options page could allow takeover of a
      user's account. This is fixed. CVE-2021-42097 (LP:#1947640)

    Bug Fixes and other patches
    - Fixed an issue where sometimes the wrapper message for DMARC
      mitigation Wrap Message has no Subject:. (LP: #1915655)
    - Plain text message bodies with Content-Disposition: and no declared
      charset are no longer scrubbed. (LP: #1917968)
    - CommandRunner now recodes message bodies in the charset of the
      user's or list's language to avoid a possible UnicodeError when
      including the message body in the reply. (LP: #1921682)
    - Delivery disabled by bounce notices to admins now have 'disabled'
      properly translated. (LP: #1922843)
    - DMARC policy discovery ignores domains with multiple DMARC records
      per RFC 7849, (LP: 1931029)
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2021Q3] pkgsrc/mail/mailman'
  unixtime: '1637445039'
  user: tm