[Secure-testing-team] Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag
Olivier Berger
olivier.berger at it-sudparis.eu
Thu Apr 30 07:46:34 UTC 2009
Package: twiki
Version: 1:4.0.5-9.1etch1
Severity: grave
Tags: security
Justification: user security hole
FYI, Twiki in oldstable is affected by a security vulnerability: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339
AFAIK, there's no patch available for old versions.
Best regards,
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages twiki depends on:
ii apache2.2-common 2.2.11-3 Apache HTTP Server common files
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
pn libalgorithm-diff-perl <none> (no description available)
ii libcgi-session-perl 4.41-1 persistent session data in CGI app
ii libdigest-sha1-perl 2.11-2+b1 NIST SHA-1 message digest algorith
ii liberror-perl 0.17-1 Perl module for error/exception ha
ii libhtml-parser-perl 3.60-1 collection of modules that parse H
pn liblocale-maketext-lexicon-p <none> (no description available)
pn libtext-diff-perl <none> (no description available)
ii liburi-perl 1.37+dfsg-1 Manipulates and accesses URI strin
ii perl [libmime-base64-perl] 5.10.0-19 Larry Wall's Practical Extraction
ii perl-modules [libnet-perl] 5.10.0-19 Core Perl modules
ii rcs 5.7-24 The GNU Revision Control System
twiki recommends no packages.
Versions of packages twiki suggests:
pn libunicode-maputf8-perl <none> (no description available)