Date: Thu, 24 Mar 2011 10:24:31 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: roundcube < 0.5.1 CSRF

http://trac.roundcube.net/wiki/Changelog

Two cross-site request forgery issues and one additional issue fixed in 0.5.1:

"Security: add optional referer check to prevent CSRF in GET requests
Security: protect login form submission from CSRF
Security: prevent from relaying malicious requests through modcss.inc"

-- 
Hanno Böck		mail/jabber: hanno@...eck.de
GPG: BBB51E42		http://www.hboeck.de/

Switch to green electricity NOW: http://atomausstieg-selber-machen.de
