Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.announce.security > #4823
| Path | csiph.com!eternal-september.org!feeder.eternal-september.org!news.corradoroberto.it!diesel.cu.mi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Moritz Muehlenhoff <jmm@debian.org> |
| Newsgroups | linux.debian.announce.security |
| Subject | [SECURITY] [DSA 6257-1] postorius security update |
| Date | Fri, 08 May 2026 21:00:01 +0200 |
| Message-ID | <MSyAx-3Feb-15@gated-at.bofh.it> (permalink) |
| X-Original-To | debian-security-announce@lists.debian.org |
| X-Mailbox-Line | From debian-security-announce-request@lists.debian.org Fri May 8 18:54:26 2026 |
| Old-Return-Path | <jmm@seger.debian.org> |
| X-Amavis-Spam-Status | No, score=-112.191 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no |
| Old-Dkim-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=NYeJDxAcbUjdMp9/s7QArZfK/3vCsSGXjkGHe662w2U=; b=UQ 4U2I5zsPpKCbRRTwF26WptcgOzTHC8T3Ox942lgxPC1yubn3aQzMJaK7qL2BLXZ7+bxsbz8nFdG97 WtMZtpquXzVhLeQDFlP0T2xlAES/4b/MoTDpERuO9/D5NFBKfTHamQ0aaszDJuE6Vx8SAqbFUSHLv SqCM2Y6LV1K9gEMKBuUl3RCNpbIWlQarGmoPGx96yo9pcD0UY7bRKOV6wgXE6MQ/aq1k16beqLaHC N5B6htu05NDQzY3TG9uAgPiULERnDP1fBzGwcKnQXH2RXOh0CQno9nuopEMUGZEs2tGmEhj7Bp4YZ z8mBbWkTURtZq6B1BJmg9xzjKm73Xb9g==; |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| Content-Disposition | inline |
| X-Debian | PGP check passed for security officers |
| Priority | urgent |
| Reply-To | debian-security-announce-request@lists.debian.org |
| X-Mailing-List | <debian-security-announce@lists.debian.org> archive/latest/5182 |
| List-ID | <debian-security-announce.lists.debian.org> |
| List-URL | <http://lists.debian.org/debian-security-announce/> |
| List-Archive | https://lists.debian.org/msgid-search/af4xSmwbHW85uhTh@seger.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 48 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Fri, 8 May 2026 18:54:02 +0000 |
| X-Original-Message-ID | <af4xSmwbHW85uhTh@seger.debian.org> |
| Xref | csiph.com linux.debian.announce.security:4823 |
Show key headers only | View raw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6257-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postorius CVE ID : CVE-2026-44742 A cross-site scripting vulnerability was discovered in Postorius, the administrative web frontend for Mailman 3. For the oldstable distribution (bookworm), this problem has been fixed in version 1.3.8-3+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.3.13-1+deb13u1. We recommend that you upgrade your postorius packages. For the detailed security status of postorius please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postorius Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn+MR0ACgkQEMKTtsN8 TjYkxBAAt7IuFy85ApzSqW4EzmJK88+VzxRrkWOMxp4oq4iedAIcGYv6sYUtxR53 Bz3XlGuCgY3ZbsjxRKL+XDqsWvNZf34H7t8VME0RxLafA3uzXuKLXwJXn+cghrPc RtaTQqZsl2jbUTNF1V7E9QR0SGUsURln7bD3pFkU8UR98sRUzILZklgyMgFb0vlL hiYne4mZ5R93XMsDAqr8r0Jp6x5442J7zhI1JAY9SNc4FgCFelgWFduNQNN2No/5 4I4/aommlWqRLC/vk035PVxVzsFUurBfPFdLpNb8hR/tPfHvw2ow1gaIDWR30F9P or91cqBNyJQc3n5Xr+FDNL7KG/YB487MxHtFnWYHHgT1pc3Q4Ka7NnTVj3V8+OKZ lCMh2zAP6yUX0UhmaBl74gvtibF52Z/EFKMeByFWb/3QM4DJ4PIUXCPgfumf+l/S je/G49/FCK3VGXmcXxGYMV/0yaIKl+RU4ga3KD9YUbCNw8YMJ2hOan4UBB079mAh h6SlzE+iEhKbLhnxLzZLU8PEFuNoNYv0o+RPMNVo9Lx2uoCB89VIpRvxulTUZ9Jw CVndf6ISYgtX2tg4n0m43mAieaCAcxY0C2m2fCNEbeBC/lS4D2CvSfaMHuC/2Wpw MfcZgNxasctrhw+/q2QIyoMbUkpSXPGOPqaI66x7cYhIlwZpPL0= =JNIv -----END PGP SIGNATURE-----
Back to linux.debian.announce.security | Previous | Next | Find similar
[SECURITY] [DSA 6257-1] postorius security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-08 21:00 +0200
csiph-web