Alerts This Week
Warning Icon 1 1,229
Alerts This Week
Warning Icon 1 1,229

Fedora 43 introduces vital security fix for XSS flaws in python-postorius

fedora
Calendar Grey June 26, 2026
Dist Fedora Esm H88
Python-postorius in Fedora 43 has a fix for cross-site scripting risks; upgrade recommended to ensure security.
Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML

Summary

The Postorius Django app provides a web user interface to access GNU Mailman.

Update Information:

Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML

Topics%20covered

Topics Covered

security advisory fedora cross site scripting web application important python-postorius

Change Log

* Wed Jun 17 2026 Michel Lind - 1.3.13-1 - Backport unreleased fix for CVE-2026-44742 - With 1.3.13 we no longer need to exclude example_project * Tue Jun 16 2026 Python Maint - 1.3.12-8 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 1.3.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476457

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c2b475c5f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-postorius
Product: Fedora 43
Version: 1.3.13
Release: 1.fc43
URL: https://gitlab.com/mailman/postorius
Summary: Web UI for GNU Mailman

Topics%20covered

Topics Covered

security advisory fedora cross site scripting web application important python-postorius

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here