Hi Fabio, * Fabio Tranchitella <[EMAIL PROTECTED]> [2008-05-06 10:28]: > * 2008-05-06 10:21, Nico Golde wrote: > > > * New upstream release. > > > * Add CSRF protection to user forms and control panel pages > > > (CVE-2008-0164). > > > (Closes: #473571) > > > * debian/control: depends on libjs-prototype. (Closes: #475286) > > > > What about the other CVE ids? > > AFAIK, upstream simply ignored them. :-/
Then I see no reason to close the bug. Please clone one for the CSRF issue, close that one and leave the other open. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpjmboOiJMht.pgp
Description: PGP signature
