oss-sec mailing list archives
Re: CVE Request: multiple vulnerabilities in spip
From: David Prévot <taffit () debian org>
Date: Sun, 10 Nov 2013 09:59:22 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, Le 10/11/2013 02:23, Salvatore Bonaccorso a écrit :
- cross-site request forgery on logout. The patch adds a confirmation button when loggin out. commit for 2.1.24: http://core.spip.org/projects/spip/repository/revisions/20874 3.0.x did not contain the fix, and is probably not affected (David can you confirm?)
It had been fix in 3.0.10: http://core.spip.org/projects/spip/repository/revisions/20593 Regards David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJSf5E6AAoJEAWMHPlE9r08IlAH/A5cqzSWU+EkjLRgRlzlElYM lrlnd78X494bXzkLehyWJC9SSi6FyxEU/q27138jZ0i8DawY1xazpVibWBB4UP8n au4yg+0WWR/mcLZ0Tj7cuACyMAVMjZ/85uPZ0KNyTmIdwcIXGe/4+oDPSYOXkLas yrWW9UZDzN4bi7DMU3NAlSmHCabHu5wCsS/XQogg65jjVlX315Ko8AjWV5c/XDl9 Xzft+k2vF8AS1HjGoN0whE9I4xfoscy5Sve8z4CcgLgN1tQcFKKO7q3NrSoTep3s WWmI3Z5bwCT7qfUcSQfzH1oPfWMUi90C5tM4yEEQHmvvIfq9yifXTzKh4fjs1rw= =bfST -----END PGP SIGNATURE-----
Current thread:
- CVE Request: multiple vulnerabilities in spip Salvatore Bonaccorso (Nov 09)
- Re: CVE Request: multiple vulnerabilities in spip David Prévot (Nov 10)
- Re: CVE Request: multiple vulnerabilities in spip Kurt Seifried (Nov 10)