Date: Thu, 24 Mar 2011 13:09:54 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Hanno Böck <hanno@...eck.de>
CC: oss-security@...ts.openwall.com
Subject: Re: CVE request: roundcube < 0.5.1 CSRF

Thanks, Hanno.

Hanno Böck wrote:
> http://trac.roundcube.net/wiki/Changelog
>
> two cross site request forgery, one additional issue fixed in 0.5.1:
>
> "Security: add optional referer check to prevent CSRF in GET requests

Looks like this one is just security hardening, with the patches:
  http://trac.roundcube.net/changeset/4503
  http://trac.roundcube.net/changeset/4504

For the CSRF flaws:

> Security: protect login form submission from CSRF

Patch:
  http://trac.roundcube.net/changeset/4490

> Security: prevent from relaying malicious requests through modcss.inc"

Patch:
  http://trac.roundcube.net/changeset/4488

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team