CVE-2011-3669 in Ubuntu

CVE-2011-3669

Priority

Medium

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack
the authentication of arbitrary users for requests that upload attachments.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3669
http://www.bugzilla.org/security/3.4.12/

Bugs

https://bugzilla.mozilla.org/show_bug.cgi?id=703983

Package

Source: bugzilla (LP Ubuntu Debian)

Upstream:	released (4.2rc1)
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	needed
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2013-05-09 15:15:50 UTC (commit 6824)