Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Mar 2011 10:24:31 +0100
From: Hanno Böck <>
Subject: CVE request: roundcube < 0.5.1 CSRF

two cross site request forgery, one additional issue fixed in 0.5.1:

"Security: add optional referer check to prevent CSRF in GET requests
Security: protect login form submission from CSRF
Security: prevent from relaying malicious requests through"

Hanno Böck		mail/jabber:

JETZT zu Ökostrom wechseln:

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ