oss-sec mailing list archives

Re: CVE Request: multiple vulnerabilities in spip

From: David Prévot <taffit () debian org>
Date: Sun, 10 Nov 2013 09:59:22 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Le 10/11/2013 02:23, Salvatore Bonaccorso a écrit :

 - cross-site request forgery on logout. The patch adds a confirmation
   button when loggin out.
   commit for 2.1.24: http://core.spip.org/projects/spip/repository/revisions/20874
   3.0.x did not contain the fix, and is probably not affected (David
   can you confirm?)


It had been fix in 3.0.10:
http://core.spip.org/projects/spip/repository/revisions/20593

Regards

David


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJSf5E6AAoJEAWMHPlE9r08IlAH/A5cqzSWU+EkjLRgRlzlElYM
lrlnd78X494bXzkLehyWJC9SSi6FyxEU/q27138jZ0i8DawY1xazpVibWBB4UP8n
au4yg+0WWR/mcLZ0Tj7cuACyMAVMjZ/85uPZ0KNyTmIdwcIXGe/4+oDPSYOXkLas
yrWW9UZDzN4bi7DMU3NAlSmHCabHu5wCsS/XQogg65jjVlX315Ko8AjWV5c/XDl9
Xzft+k2vF8AS1HjGoN0whE9I4xfoscy5Sve8z4CcgLgN1tQcFKKO7q3NrSoTep3s
WWmI3Z5bwCT7qfUcSQfzH1oPfWMUi90C5tM4yEEQHmvvIfq9yifXTzKh4fjs1rw=
=bfST
-----END PGP SIGNATURE-----

Current thread:

CVE Request: multiple vulnerabilities in spip Salvatore Bonaccorso (Nov 09)
- Re: CVE Request: multiple vulnerabilities in spip David Prévot (Nov 10)
- Re: CVE Request: multiple vulnerabilities in spip Kurt Seifried (Nov 10)