Bug#695348: collabtive: XSS and CSRF issues

2014-12-28 Thread Moritz Mühlenhoff
On Tue, Dec 09, 2014 at 08:56:21PM -0600, Gunnar Wolf wrote: Moritz Mühlenhoff wrote [Tue, Dec 09, 2014 at 10:17:14PM +0100]: I'm getting in touch with the authors right now. Thanks! http://collabtive.o-dyn.de/forum/viewtopic.php?f=11t=8479 Gunnar, is this fixed in the version in

Bug#695348: collabtive: XSS and CSRF issues

2014-12-09 Thread Moritz Mühlenhoff
On Thu, Jan 10, 2013 at 04:47:35PM -0600, Gunnar Wolf wrote: FWIW the exploit-db webpage points at three different problems, two XSS and one CSRF. The XSS are not present in collabtive 0.7.6, but the CSRF is. I'm getting in touch with the authors right now. Thanks!

Bug#695348: collabtive: XSS and CSRF issues

2014-12-09 Thread Gunnar Wolf
Moritz Mühlenhoff wrote [Tue, Dec 09, 2014 at 10:17:14PM +0100]: I'm getting in touch with the authors right now. Thanks! http://collabtive.o-dyn.de/forum/viewtopic.php?f=11t=8479 Gunnar, is this fixed in the version in jessie? Sorry for the delay for this reply! I can confirm you

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
Moritz Mühlenhoff wrote [Sun, Dec 30, 2012 at 02:23:51PM +0100]: (...) Two CVEs were assigned recently for 'ancient' Collabtive security issues: (...) Can you please check and verify that these old issues have been fixed in the meantime? Gunnar, did you get in touch with upstream? Hi,

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
Two CVEs were assigned recently for 'ancient' Collabtive security issues: CVE-2010-5284 http://www.exploit-db.com/exploits/15240 CVE-2010-5285 http://www.exploit-db.com/exploits/15240 FWIW the exploit-db webpage points at three different problems, two XSS and one CSRF. The XSS

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
FWIW the exploit-db webpage points at three different problems, two XSS and one CSRF. The XSS are not present in collabtive 0.7.6, but the CSRF is. I'm getting in touch with the authors right now. Thanks! http://collabtive.o-dyn.de/forum/viewtopic.php?f=11t=8479

Bug#695348: collabtive: XSS and CSRF issues

2012-12-30 Thread Moritz Mühlenhoff
On Fri, Dec 07, 2012 at 01:59:50PM +0100, Thijs Kinkhorst wrote: Package: collabtive Severity: important Tags: security Hi, Two CVEs were assigned recently for 'ancient' Collabtive security issues: CVE-2010-5284 http://www.exploit-db.com/exploits/15240 CVE-2010-5285

Bug#695348: collabtive: XSS and CSRF issues

2012-12-07 Thread Thijs Kinkhorst
Package: collabtive Severity: important Tags: security Hi, Two CVEs were assigned recently for 'ancient' Collabtive security issues: CVE-2010-5284 http://www.exploit-db.com/exploits/15240 CVE-2010-5285 http://www.exploit-db.com/exploits/15240 Can you please check and verify that these old