Bug#473571: plone3: CVE-2008-139[3-6] multiple vulnerabilities

Nico Golde nion at debian.org
Sat Apr 12 15:23:13 UTC 2008


retitle 473571 plone3: CVE-2008-139[3-6],CVE-2008-0164 multiple vulnerabilities
thanks

Hi,
there is another CVE id that was assigned to this:

CVE-2008-0164[0]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in Plone
| CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary
| accounts via the join_form page and (2) change the privileges of
| arbitrary groups via the prefs_groups_overview page.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0164
    http://security-tracker.debian.net/tracker/CVE-2008-0164

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20080412/3f8618a5/attachment.pgp 


More information about the pkg-zope-developers mailing list