From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-April/014045.html | 93 +++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-April/014045.html (limited to 'zarb-ml/mageia-dev/2012-April/014045.html') diff --git a/zarb-ml/mageia-dev/2012-April/014045.html b/zarb-ml/mageia-dev/2012-April/014045.html new file mode 100644 index 000000000..f9fd79be7 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014045.html @@ -0,0 +1,93 @@ + + + + [Mageia-dev] Freeze push: redmine 1.3.2 + + + + + + + + + +

[Mageia-dev] Freeze push: redmine 1.3.2

+ Funda Wang + fundawang at gmail.com +
+ Mon Apr 9 12:53:38 CEST 2012 +

+
+ +
ping?
+
+在 2012年4月9日星期一,Funda Wang <fundawang at gmail.com> 写道:
+> ping?
+>
+> 2012/4/8 Funda Wang <fundawang at gmail.com>:
+>> Hello,
+>>
+>> Could somebody pushing redmine 1.3.2 into cauldron?
+>>
+>> Redmine before 1.3.2 does not properly restrict the use of a hash to
+>> provide values for a model's attributes, which allows remote attackers
+>> to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,
+>> (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)
+>> Version, (9) Wiki, (10) UserPreference, or (11) Board model via a
+>> modified URL, related to a "mass assignment" vulnerability, a
+>> different vulnerability than CVE-2012-0327.
+>>
+>> Thanks.
+>
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-dev/attachments/20120409/ea181ca7/attachment.html>
+
+ + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1