[Mailman-Users] Mailman-2.1.x vulnerabilities found

April 29, 2025


      Just received word about those three:
https://github.com/0NYX-MY7H/CVE-2025-43921
-- wasn't able to reproduce on 2.1.39
https://github.com/0NYX-MY7H/CVE-2025-43920
-- wasn't able to reproduce on 2.1.39, due to not using an *_EXTERNAL_ARCHIVER
https://github.com/0NYX-MY7H/CVE-2025-43919
-- wasn't able to reproduce on 2.1.39, getting "Access denied" from Mailman
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de