oss-sec mailing list archives
Re: CVE request: roundcube < 0.5.1 CSRF
From: Josh Bressers <bressers () redhat com>
Date: Mon, 4 Apr 2011 15:09:03 -0400 (EDT)
Thanks for sorting this Jan.
http://trac.roundcube.net/wiki/Changelog
two cross site request forgery, one additional issue fixed in 0.5.1:
"Security: add optional referer check to prevent CSRF in GET requests
Looks this one being just security hardening with the patches:
[1] http://trac.roundcube.net/changeset/4503
[2] http://trac.roundcube.net/changeset/4504
For the CSRF flaws:
Security: protect login form submission from CSRF
Patch: [3] http://trac.roundcube.net/changeset/4490
Use CVE-2011-1491 for the above.
Security: prevent from relaying malicious requests through modcss.inc"
Patch: [4] http://trac.roundcube.net/changeset/4488
Use CVE-2011-1492 for the above.
Thanks.
-- 
JB