Package: hyperestraier Version: 1.2.5-1 Severity: serious Tags: security fixed-upstream
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2006-3671: "Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors." This is fixed upstream in 1.3.3; see [1] for more details. hyperestraier is not in sarge. Please mention the CVE in your changelog. Thanks, Alec [1] http://sourceforge.net/project/shownotes.php?release_id=432119 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEv/uJAud/2YgchcQRAi0jAJwK652ImkDgjr3Om/zwiKKqz2TwOACfcBGa G5SJXE1REWz3/KU/enR91y4= =5Qzf -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
