Package: sympa Version: 6.2.40~dfsg-1+deb10u1 Severity: important Dear Maintainer,
After installation of the security update the web isterface is defunct. It still loads the "default" site (here: https://$DOMAIN/wws/) but that also the site that will be loaded when selecting an menue entry, for example "Login". (IOW, Login not possible as the login form is not presented) Downgrading to 6.2.40~dfsg-1 makes it work again. Webserver is an nginx instance. The only hint I got (could be a red herring) is this in the nginx error log, the sympa log is silent… Heres a example of the nginx one: (There are many of those…) 2020/12/27 12:13:57 [error] 8193#8193: *2819965 FastCGI sent in stderr: "[Sun Dec 27 12:13:57 2020] wwsympa.fcgi: Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408.^M [Sun Dec 27 12:13:57 2020] wwsympa.fcgi: Use of uninitialized value $remote_addr in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408" while reading upstream, client: 80.209.204.233, server: lists.regensburg-repariert.de, request: "GET /wws/reviewbouncing/info HTTP/2.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host: "lists.regensburg-repariert.de" 2020/12/27 12:14:21 [error] 8193#8193: *2819965 FastCGI sent in stderr: "[Sun Dec 27 12:14:21 2020] wwsympa.fcgi: Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408.^M (Those started exactly on Dec 24, after unattende-upgrades pulled in the security update) Let me know if I can provide more information… Cheers, -- tobi
