Format: 1.8
Date: Mon, 09 Nov 2020 12:12:41 +0100
Source: sympa
Binary: sympa
Architecture: source
Version: 6.2.16~dfsg-3+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 sympa - Modern mailing list manager
Closes: 908165 972189
Changes:
 sympa (6.2.16~dfsg-3+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Ask the user whether they want/need sympa_newaliases-wrapper to be
     setuid root (CVE-2020-26880 mitigation).
   * CVE-2018-1000671: Sympa contains a CWE-601: URL Redirection to
     Untrusted Site ('Open Redirect') vulnerability in the "referer"
     parameter of the wwsympa.fcgi login action that can result in
     Open redirection and reflected XSS via data URIs. (Closes: #908165)
   * Document dropping deprecated CGI mode. (Closes: #972189)
Checksums-Sha1:
 dd43fccfa7e0d29df91fe2e32efb96a370245afd 2160 sympa_6.2.16~dfsg-3+deb9u4.dsc
 a24d3f5c613ecc33f4786af3ee16987591152798 177052 sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 7484dfa53ff89a78d37399ca3d651554aaed440e 7333 sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo
Checksums-Sha256:
 419d002b5faa01886f410af613223f056bb5236a6ae7c19d1f27088add160f93 2160 sympa_6.2.16~dfsg-3+deb9u4.dsc
 318042e6de74568ae463986c64524696f9e3b019ed9325dd3688a97050336239 177052 sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 81336f37e3ca6d849428c14ee5a60c01328ee80adf014629ef1071fb1a8169e8 7333 sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo
Files:
 eb9ed7f45aca01e7f1380853a0eed82a 2160 mail optional sympa_6.2.16~dfsg-3+deb9u4.dsc
 819a5c4c57185d8d5a7061a643f71ac4 177052 mail optional sympa_6.2.16~dfsg-3+deb9u4.debian.tar.xz
 ce5e683d6f409ddcb0022f8724ad7b4c 7333 mail optional sympa_6.2.16~dfsg-3+deb9u4_amd64.buildinfo