CVE-2011-0046

Priority
Low
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla
before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before
4.0rc2 allow remote attackers to hijack the authentication of arbitrary
users for requests related to (1) adding a saved search in buglist.cgi, (2)
voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating
or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and
(6) adding, deleting, or approving a quip in quips.cgi.
References
Package
Upstream:released (3.2.10, 3.4.10, 3.6.4)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE (dropped by debian)
Ubuntu 12.10 (Quantal Quetzal):DNE (dropped by debian)
Ubuntu 13.04 (Raring Ringtail):DNE (dropped by debian)
Ubuntu 13.10 (Saucy Salamander):DNE (dropped by debian)
Ubuntu 14.04 LTS (Trusty Tahr):DNE (dropped by debian)
Patches:
Vendor:http://www.debian.org/security/2011/dsa-2322
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:27 UTC (commit 7585)