Hi Fabio,

* Fabio Tranchitella <[EMAIL PROTECTED]> [2008-03-31 15:09]:
> * 2008-03-31 14:31, Nico Golde wrote:
[...]
> > the following CVE (Common Vulnerabilities & Exposures) ids were
> > published for plone3.
>
> To say the truth, I don't really think these security problems are real;
> I have the impression that upstream thinks so, too: there are no patches
> available and no new upstream release fixing these problems.
>
> In any case, I'll try to ask on IRC.

While I agree that the cookie issues and the session id issue are not of a
high impact, I still think that at least the CSRF issue should be fixed
because the exploit scenario has a certain real-life importance.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

