Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
mailman.24378
CVE-2021-43332-crack_admin_passwd.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-43332-crack_admin_passwd.patch of Package mailman.24378
=== modified file 'Mailman/CSRFcheck.py' --- Mailman/CSRFcheck.py | 2 +- Mailman/Cgi/admindb.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/Mailman/CSRFcheck.py +++ b/Mailman/CSRFcheck.py @@ -45,7 +45,7 @@ def csrf_token(mlist, contexts, user=Non for context in contexts: key, secret = mlist.AuthContextInfo(context, user) - if key: + if key and secret: break else: return None # not authenticated --- a/Mailman/Cgi/admindb.py +++ b/Mailman/Cgi/admindb.py @@ -59,8 +59,8 @@ if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTT else: ssort = SSENDER -AUTH_CONTEXTS = (mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin, - mm_cfg.AuthListModerator) +AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin, + mm_cfg.AuthSiteAdmin)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor