Debian Hyperkitty vulnerabilities
2 known vulnerabilities affecting debian/hyperkitty.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 1
Vulnerabilities
CVE-2021-33038 | HIGH | CVSS 7.5 | fixed in hyperkitty 1.3.4-4 (bookworm) | 2021
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
Scope: local
CVE-2021-25322 | LOW | CVSS 6.8 | 2021
CVE-2021-25322 [MEDIUM] CVE-2021-25322: hyperkitty - A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of o...
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to