[Bug 1954694] [NEW] CSRF check for user tokens should not be case sensitive.

13 Dec 2021

      Public bug reported:
The fix for CVE-2021-42097 requires that the user submitting a user
options form match the user in the CSRF token submitted with the form,
but the match is case sensitive and should not be.
There is also a potential NameError exception in logging a mismatch.
** Affects: mailman
     Importance: Medium
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress
-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1954694

Title:
  CSRF check for user tokens should not be case sensitive.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

[Bug 1954694] [NEW] CSRF check for user tokens should not be case sensitive.