** Description changed: The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. + + There is also a potential NameError exception in logging a mismatch.
-- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1954694 Title: CSRF check for user tokens should not be case sensitive. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions _______________________________________________ Mailman-coders mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/mailman-coders.python.org/ Member address: [email protected]
