From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-April/014070.html | 94 +++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-April/014070.html (limited to 'zarb-ml/mageia-dev/2012-April/014070.html') diff --git a/zarb-ml/mageia-dev/2012-April/014070.html b/zarb-ml/mageia-dev/2012-April/014070.html new file mode 100644 index 000000000..42b114ee0 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014070.html @@ -0,0 +1,94 @@ + + + + [Mageia-dev] Freeze push: redmine 1.3.2 + + + + + + + + + +

[Mageia-dev] Freeze push: redmine 1.3.2

+ Thomas Backlund + tmb at mageia.org +
+ Mon Apr 9 20:13:15 CEST 2012 +

+
+ +
09.04.2012 13:53, Funda Wang skrev:
+> ping?
+> 
+> 在 2012年4月9日星期一,Funda Wang <fundawang at gmail.com
+> <mailto:fundawang at gmail.com>> 写道:
+>> ping?
+>>
+>> 2012/4/8 Funda Wang <fundawang at gmail.com <mailto:fundawang at gmail.com>>:
+>>> Hello,
+>>>
+>>> Could somebody pushing redmine 1.3.2 into cauldron?
+>>>
+>>> Redmine before 1.3.2 does not properly restrict the use of a hash to
+>>> provide values for a model's attributes, which allows remote attackers
+>>> to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,
+>>> (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)
+>>> Version, (9) Wiki, (10) UserPreference, or (11) Board model via a
+>>> modified URL, related to a "mass assignment" vulnerability, a
+>>> different vulnerability than CVE-2012-0327.
+>>>
+>>> Thanks.
+>>
+
+Pushed.
+
+--
+Thomas
+
+
+ + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1