oss-sec mailing list archives
Re: CVE request: roundcube < 0.5.1 CSRF
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 24 Mar 2011 13:09:54 +0100
Thanks, Hanno.

Hanno Böck wrote:
> http://trac.roundcube.net/wiki/Changelog
>
> two cross site request forgery, one additional issue fixed in 0.5.1:
>
> "Security: add optional referer check to prevent CSRF in GET requests

Looks like this one is just security hardening, with the patches:
[1] http://trac.roundcube.net/changeset/4503
[2] http://trac.roundcube.net/changeset/4504

For the CSRF flaws:

> Security: protect login form submission from CSRF

Patch:
[3] http://trac.roundcube.net/changeset/4490

> Security: prevent from relaying malicious requests through modcss.inc"

Patch:
[4] http://trac.roundcube.net/changeset/4488

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team