On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote: > Hey Moritz, > > Moritz Muehlenhoff wrote: > > This was assigned CVE-2021-33038: > > https://gitlab.com/mailman/hyperkitty/-/issues/380 > > > > Patch is here: > > https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa > > Thanks a lot for reporting the security bug! > > I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will > open an unblock request for Bullseye as soon as the package hit the archive. > > Do you want to take care of preparing an upload to buster-security or shall > I prepare that one as well?
Please do! Version number should be 1.2.2-1+deb10u1 Cheers, Moritz