Bug#473571: plone3: CVE-2008-139[3-6] multiple vulnerabilities

Fabio Tranchitella kobold at kobold.it
Mon Mar 31 18:12:15 UTC 2008


Hello,

* 2008-03-31 15:40, Nico Golde wrote:
> While I agree that the cookie issues and the session id issue are not of
> a high impact, I still think that at least the CSRF issue should be fixed
> because the exploit scenario has a certain real-life importance.

I fully agree, but it seems that upstream is not working on the issue nor
providing a patch. I'll try to write to the devel mailing list, but till
now I didn't get any useful feedback.

Thanks,

-- 
Fabio Tranchitella                         http://www.kobold.it
Free Software Developer and Consultant     http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564




