hi Maintainers, * https://security-tracker.debian.org/tracker/CVE-2021-40347 says that this bug (993746 - python3-django-postorius: CVE-2021-40347 New upstream to fix security bug) is fixed in all versions.
A quick browse is consistent with that: * buster patch https://salsa.debian.org/mailman-team/postorius/-/blob/debian/buster-security/debian/patches/0002-PATCH-Check-a-user-owns-the-email-they-are-trying-to.patch * bullseye patch https://salsa.debian.org/mailman-team/postorius/-/blob/debian/bullseye-security/debian/patches/0002-PATCH-Check-a-user-owns-the-email-they-are-trying-to.patch * bookworm/trixie/sid are at version 1.3.8-3 https://tracker.debian.org/pkg/postorius I'm new to mailman3 (finally got the upgrade from mailman2 done), but it looks like time to close this bug. Cheers Boud
