CVE-2011-0046
Priority
Low
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla
before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before
4.0rc2 allow remote attackers to hijack the authentication of arbitrary
users for requests related to (1) adding a saved search in buglist.cgi, (2)
voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating
or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and
(6) adding, deleting, or approving a quip in quips.cgi.
before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before
4.0rc2 allow remote attackers to hijack the authentication of arbitrary
users for requests related to (1) adding a saved search in buglist.cgi, (2)
voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating
or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and
(6) adding, deleting, or approving a quip in quips.cgi.
Package
| Upstream: | released (3.2.10, 3.4.10, 3.6.4) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE (dropped by debian) |
| Ubuntu 12.10 (Quantal Quetzal): | DNE (dropped by debian) |
| Ubuntu 13.04 (Raring Ringtail): | DNE (dropped by debian) |
| Ubuntu 13.10 (Saucy Salamander): | DNE (dropped by debian) |
Patches:
| Vendor: | http://www.debian.org/security/2011/dsa-2322 |