On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote:
> Hey Moritz,
>
> Moritz Muehlenhoff wrote:
> > This was assigned CVE-2021-33038:
> > https://gitlab.com/mailman/hyperkitty/-/issues/380
> >
> > Patch is here:
> > https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
>
> Thanks a lot for reporting the security bug!
>
> I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will
> open an unblock request for Bullseye as soon as the package hit the archive.
>
> Do you want to take care of preparing an upload to buster-security or shall
> I prepare that one as well?
Please do! Version number should be 1.2.2-1+deb10u1
Cheers,
Moritz
