Add zarb MLs html archivesHEAD master

author: Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
committer: Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
commit: 1be510f9529cb082f802408b472a77d074b394c0 (patch)
tree: b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/attachments/20120409/ea181ca7
parent: fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff)
download: archives-master.tar
archives-master.tar.gz
archives-master.tar.bz2
archives-master.tar.xz
archives-master.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html
new file mode 100644
index 000000000..e453a5760
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html
@@ -0,0 +1,4 @@
+ping?<br><br>在 2012年4月9日星期一，Funda Wang &lt;<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>&gt; 写道：<br>&gt; ping?<br>&gt;<br>&gt; 2012/4/8 Funda Wang &lt;<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>&gt;:<br>
+&gt;&gt; Hello,<br>&gt;&gt;<br>&gt;&gt; Could somebody pushing redmine 1.3.2 into cauldron?<br>&gt;&gt;<br>&gt;&gt; Redmine before 1.3.2 does not properly restrict the use of a hash to<br>&gt;&gt; provide values for a model&#39;s attributes, which allows remote attackers<br>
+&gt;&gt; to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,<br>&gt;&gt; (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)<br>&gt;&gt; Version, (9) Wiki, (10) UserPreference, or (11) Board model via a<br>
+&gt;&gt; modified URL, related to a &quot;mass assignment&quot; vulnerability, a<br>&gt;&gt; different vulnerability than CVE-2012-0327.<br>&gt;&gt;<br>&gt;&gt; Thanks.<br>&gt;
diff --git a/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html
new file mode 100644
index 000000000..e453a5760
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html
@@ -0,0 +1,4 @@
+ping?<br><br>在 2012年4月9日星期一，Funda Wang &lt;<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>&gt; 写道：<br>&gt; ping?<br>&gt;<br>&gt; 2012/4/8 Funda Wang &lt;<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>&gt;:<br>
+&gt;&gt; Hello,<br>&gt;&gt;<br>&gt;&gt; Could somebody pushing redmine 1.3.2 into cauldron?<br>&gt;&gt;<br>&gt;&gt; Redmine before 1.3.2 does not properly restrict the use of a hash to<br>&gt;&gt; provide values for a model&#39;s attributes, which allows remote attackers<br>
+&gt;&gt; to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,<br>&gt;&gt; (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)<br>&gt;&gt; Version, (9) Wiki, (10) UserPreference, or (11) Board model via a<br>
+&gt;&gt; modified URL, related to a &quot;mass assignment&quot; vulnerability, a<br>&gt;&gt; different vulnerability than CVE-2012-0327.<br>&gt;&gt;<br>&gt;&gt; Thanks.<br>&gt;
author	Nicolas Vigier <boklm@mageia.org>	2013-04-14 13:46:12 +0000
committer	Nicolas Vigier <boklm@mageia.org>	2013-04-14 13:46:12 +0000
commit	1be510f9529cb082f802408b472a77d074b394c0 (patch)
tree	b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/attachments/20120409/ea181ca7
parent	fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff)
download	archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip