Hey Moritz,

Moritz Muehlenhoff wrote:

This was assigned CVE-2021-33038: https://gitlab.com/mailman/hyperkitty/-/issues/380

Patch is here: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa

Thanks a lot for reporting the security bug! I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will open an unblock request for Bullseye as soon as the package hits the archive. Do you want to take care of preparing an upload to buster-security or shall I prepare that one as well?

Please do! Version number should be 1.2.2-1+deb10u1

Done now. The sources for 1.2.2-1+deb10u1 can be found here: https://salsa.debian.org/mailman-team/hyperkitty/-/tree/debian/buster-security Will you handle the upload or shall I upload to buster-security as well?

Thanks! Update looks fine, please upload to security-security. I'll release the DSA later this evening or tomorrow.

Great, I just uploaded hyperkitty 1.2.2-1+deb10u1 targeting buster-security to security-master. Hope that I didn't miss anything.
Cheers jonas