mirror of https://git.FreeBSD.org/ports.git synced 2024-12-27 05:10:36 +00:00
freebsd-ports/german
Olli Hauer 5e7bd302a1 - update to 4.0.5
Vulnerability Details
=====================

Class:       Cross-Site Request Forgery
Versions:    4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In:    4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
             attribute when making POST requests to xmlrpc.cgi,
             a possible CSRF vulnerability was discovered. If a user
             visits an HTML page with some malicious HTML code in it,
             an attacker could make changes to a remote Bugzilla installation
             on behalf of the victim's account by using the XML-RPC API
             on a site running mod_perl. Sites running under mod_cgi
             are not affected. Also the user would have had to be
             already logged in to the target site for the vulnerability
             to work.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number:  CVE-2012-0453

Approved by:	skv (implicit)
2012-04-10 05:15:47 +00:00
acroread8
acroread9
alt-aspell
aspell
BBBike
bsdforen-firefox-searchplugin
bsdgroup-firefox-searchplugin
bsdpaste
bugzilla - update to 4.0.5 2012-04-10 05:15:47 +00:00
bugzilla3
calligra-l10n
dict
digibux
ding
dtaus
eric4 Update to version 4.5.2. 2012-04-03 12:11:39 +00:00
geonext
gimp-help
hunspell
hyphen
ispell
ispell-alt
ispell-neu
jdictionary-eng-ger
jdictionary-ger-hun
kde3-i18n
kde4-l10n
kheisereg
koffice-i18n
koffice-kde4-l10n
ksteak
manpages
mediathek
MT
mythes - Update to 2012.04.08 2012-04-09 16:22:29 +00:00
pecl-konto_check
phone
php_doc
schwobifyer
selfhtml
steak
tipp10
unix-connect
vtiger
webalizer2
wordpress
Makefile
Makefile.inc