1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-15 03:14:23 +00:00
freebsd-ports/russian
Olli Hauer 5e7bd302a1 - update to 4.0.5
Vulnerability Details
=====================

Class:       Cross-Site Request Forgery
Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In:    4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
             attribute when making POST requests to xmlrpc.cgi,
             a possible CSRF vulnerability was discovered. If a user
             visits an HTML page with some malicious HTML code in it,
             an attacker could make changes to a remote Bugzilla installation
             on behalf of the victim's account by using the XML-RPC API
             on a site running mod_perl. Sites running under mod_cgi
             are not affected. Also the user would have had to be
             already logged in to the target site for the vulnerability
             to work.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number:  CVE-2012-0453

Approved by:	skv (implicit)
2012-04-10 05:15:47 +00:00
..
artwiz-ru
aspell
bugzilla3-ru
bugzilla-ru - update to 4.0.5 2012-04-10 05:15:47 +00:00
calligra-l10n
d1489
eric4 Update to version 4.5.2. 2012-04-03 12:11:39 +00:00
fortune-bashorgru
fortuneru
gd
gimp-help
hunspell
hyphen
ircd-hybrid
kde3-i18n
kde4-l10n
koffice-i18n
koffice-kde4-l10n
koi2koi
koi8r-ps
ksocrat
libcyrillic
MT - Update to 5.13 2012-03-15 19:33:51 +00:00
mueller-dic
muttprint
mythes
napster
p5-Convert-Cyrillic
p5-cyrillic
p5-Lingua-DetectCyrillic
p5-Lingua-RU-Charset
p5-XML-Parser-encodings
prawda
pscyr
rubygem-russian
rubygem-rutils
rus-ispell
rux
stardict-bars
stardict-computer
stardict-dal
stardict-engcom
stardict-mueller7
stardict-mueller7accent
stardict-pc
tac+ia
tidyup-mail
unzip
wmcyrx
wordpress
xcode
xcyrBGR
xmms
xpi-tabextensions
xruskb
Makefile
Makefile.inc