| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-README.rst-remove-embedded-images.patch | README.rst: remove embedded images The documentation files shipped with Debian packages should not embed remote images, especially not from sources that are known to track users (like shields.io). |
Jonas Meurer <jonas@freesources.org> | not-needed | 2017-12-14 | ||
| 0002-PATCH-Check-a-user-owns-the-email-they-are-trying-to.patch | [PATCH] Check a user owns the email they are trying to unsubscribe (CVE-2021-40347) The list unsubscribe/ endpoint now performs validation that the user making the request owns the email address they have requested be unsubscribed. Without this check, any logged-in user could unsubscribe any other email address from any list, also leaking whether that address was subscribed in the first place. |
Kunal Mehta <legoktm@debian.org> | no | debian | upstream, https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b | 2021-09-09 |