Re Comment #3 it appears this has triggered a new CVE-2016-7123 to be issued just based on this one line that Mark Sapiro wrote with no other confirmation than this launchpad bug #1614841, but I wonder if the latter CVE (CVE-2016-7123) is a duplicate of the old CVE-2011-0707, or a new separate issue. Haven't been able to find relevant information so far, and people are also wondering and reporting this elsewhere.

<https://www.cvedetails.com/cve/CVE-2011-0707/>

Related: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212378 <- requesting FreeBSD to list CVE-2016-7123 as a new bug (note that FreeBSD already marked CVE-2016-6893 which covers a wider span of versions).

** Bug watch added: bugs.freebsd.org/bugzilla/ #212378
   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212378

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0707

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7123

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1614841

Title:
  CSRF protection needs to be extended to the user options page

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1614841/+subscriptions