Alerts This Week
Warning Icon 1 1,229
Alerts This Week
Warning Icon 1 1,229

Fedora 44 python-postorius Critical Cross-Site Scripting CVE-2026-44742

fedora
Calendar Grey June 26, 2026
Dist Fedora Esm H88
Addressing important update for Fedora 44’s python-postorius to fix cross-site scripting issue. Timely action recommended.
Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML

Summary

The Postorius Django app provides a web user interface to access GNU Mailman.

Update Information:

Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML

Topics%20covered

Topics Covered

security advisory fedora cross site scripting important python Postorius

Change Log

* Wed Jun 17 2026 Michel Lind - 1.3.13-1 - Backport unreleased fix for CVE-2026-44742 - With 1.3.13 we no longer need to exclude example_project * Tue Jun 16 2026 Python Maint - 1.3.12-8 - Rebuilt for Python 3.15

References


[ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476457

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ef34f94241' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-postorius
Product: Fedora 44
Version: 1.3.13
Release: 1.fc44
URL: https://gitlab.com/mailman/postorius
Summary: Web UI for GNU Mailman

Topics%20covered

Topics Covered

security advisory fedora cross site scripting important python Postorius

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here