Bug#778618: novnc: session hijack through insecurely set session token cookies

Tue, 17 Feb 2015 06:40:34 -0800 

Package: novnc
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see 
http://www.openwall.com/lists/oss-security/2015/02/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=1193451

Fix:
https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd

Cheers,
        Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to