Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted postorius 1.3.4-2+deb11u2 (source all) into oldoldstable-security
Date: Mon, 25 May 2026 14:40:16 +0000
Signed by: Daniel Leidert <dleidert@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 May 2026 01:18:59 +0200
Source: postorius
Binary: python3-django-postorius
Architecture: source all
Version: 1.3.4-2+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python3-django-postorius - Web user interface to access GNU Mailman3
Closes: 1136003
Changes:
 postorius (1.3.4-2+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * d/patches/CVE-2026-44742.patch: Add patch to fix CVE-2026-44742.
     - If an email is sent to a mailing list with a subject containing HTML code
       and placed in Held messages, the HTML code is rendered without escaping
       in the title of the Held messages pop-up leading to a Cross-site
       Scripting (XSS) vulnerability (closes: #1136003).
Checksums-Sha1:
 b047b4ab863ef718eabe5509fda4026f5a1cbf9d 2382 postorius_1.3.4-2+deb11u2.dsc
 6156d8954ce2c3b05de6e6cc722374b5e3410ea2 2802672 postorius_1.3.4.orig.tar.gz
 422dfa408cea26c646a6c17d8c8b8eac173806b4 118420 postorius_1.3.4-2+deb11u2.debian.tar.xz
 f36a957fc4d01800670908521feb2174bbb1f8ed 8327 postorius_1.3.4-2+deb11u2_amd64.buildinfo
 fe7028e75eb14afbbf31ee5a52a6d09febd27dbc 1003536 python3-django-postorius_1.3.4-2+deb11u2_all.deb
Checksums-Sha256:
 93781f1d77a1c042e1ab0402d0e02992c46d40aa50aabd11f9b61c8f2038b530 2382 postorius_1.3.4-2+deb11u2.dsc
 2f602950640dbd1d1456fa1d54cfb03338d82d991e808e1f4f8c94894fdc89b5 2802672 postorius_1.3.4.orig.tar.gz
 a047c925ee1d380b641cd84acb03185194d40c57adfed08719b472f7d2c4866d 118420 postorius_1.3.4-2+deb11u2.debian.tar.xz
 df2634f0e6cb8670ee1638bbf20304f354226aaf138b259e1f8e0b8f6194cc2e 8327 postorius_1.3.4-2+deb11u2_amd64.buildinfo
 d417fa8f2d250e74c341e52c408d86ad194b8f992d578a93b0146b89ed9cac4c 1003536 python3-django-postorius_1.3.4-2+deb11u2_all.deb
Files:
 5eeea3c18a9b8bc0021a444019a11436 2382 python optional postorius_1.3.4-2+deb11u2.dsc
 8b8cba904fa1828da3907a4fb5344669 2802672 python optional postorius_1.3.4.orig.tar.gz
 cf264bf7104e1940cc12b4beb646107d 118420 python optional postorius_1.3.4-2+deb11u2.debian.tar.xz
 fe70ca8cc970f992f93e61b6b360baad 8327 python optional postorius_1.3.4-2+deb11u2_amd64.buildinfo
 dcc345c1a78077e34ede5f4ea0ed2581 1003536 python optional python3-django-postorius_1.3.4-2+deb11u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmoUW08ACgkQS80FZ8KW
0F2uNhAAwtyur6bE+imw0iKhSojtcDcVBsUiys22hIKGtjnJQt3C0ZKlRc0mVgeF
cA8QgXnIIjaITPDtW7lGkUSYw3wc75QlYl4rPLtQ7424EuMu8b+MYuxa7nehH8XG
aimMhPxV8kjb7GKgXhi4006SpAA4PRDrBXuwGzH9mO4rFqBd95swNr6MqGiIifv6
BGB9vhbb93kYBdsMGGTrzcyi00R7dvY6sbaeav3iVBbhHbgbXuebUR5pbWxSXqEA
Rk31gY7bT4gTEobaT8TeS4xXe/BXc7+DRAeGwPhbWZfDFy6ms+PlAnNnnbFnk83S
ytunf5XVsrh5edWjcMVojZAlDsTFTtOepOIEeR6opnVgb86RdADwdyfjO8JxwOh6
sDSIr7VXJASYLvGXZM1IHkEGZtVfaIPoknDn2bdEfr0yXHTwqzFMnY6U3iBNBkHr
PMNPYSWlaVS7PACqb96zBn+b27oGj+zgK5yzrM2mo4z2QDtx4EDCO9P64QHamZqn
BKW8NTA1vj2nS5z4w5FH/UQLeUzL7n83bagSchBIYDRQP2h4RlsTdWNgHadWZVya
LSoB2jO4tNRJxA/ijFjhINSL8kAtCIghsiIlyhD+bLj2hYwfuzhK8F2UIUuTGE34
0F0lQJ5XM/BnzOHYoYdPurIGjVPamUn5rfiE02Yp3HXtR9Dq88c=
=ivsg
-----END PGP SIGNATURE-----
News for package postorius
