Dec. 13, 2021
6:02 p.m.
Public bug reported: The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. There is also a potential NameError exception in logging a mismatch. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1954694 Title: CSRF check for user tokens should not be case sensitive. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions