oss-sec mailing list archives
CVE request: roundcube < 0.5.1 CSRF
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 24 Mar 2011 10:24:31 +0100
http://trac.roundcube.net/wiki/Changelog two cross site request forgery, one additional issue fixed in 0.5.1: "Security: add optional referer check to prevent CSRF in GET requests Security: protect login form submission from CSRF Security: prevent from relaying malicious requests through modcss.inc" -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/ JETZT zu Ökostrom wechseln: http://atomausstieg-selber-machen.de
Attachment:
signature.asc
Description:
Current thread:
- CVE request: roundcube < 0.5.1 CSRF Hanno Böck (Mar 24)
- Re: CVE request: roundcube < 0.5.1 CSRF Jan Lieskovsky (Mar 24)