Bug#727669: Protect against CSRF attacks by using tokens on destructive actions

Mike Gabriel Fri, 25 Oct 2013 00:46:20 -0700

Package: php-ingo
Severity: important
Version: 3.1.2-1


Upstream fixed a CSRF issue (CVE-2013-6275) in Ingo.

The upstream bug is found here:
http://bugs.horde.org/ticket/12796

The upstream patch is this:
http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=bug_12796.patch&ticket=12796&fn=%2Fbug_12796.patch

Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

bin1KaKN193XY.bin
Description: Öffentlicher PGP-Schlüssel

pgpbMupnx8hXC.pgp
Description: Digitale PGP-Signatur

Bug#727669: Protect against CSRF attacks by using tokens on destructive actions

Reply via email to