Bug#473571: closed by Fabio Tranchitella <kobold at debian.org> (Bug#473571: fixed in plone3 3.1.1-1)

Nico Golde nion at debian.org
Tue May 6 08:36:16 UTC 2008


Hi Fabio,
* Fabio Tranchitella <kobold at kobold.it> [2008-05-06 10:28]:
> * 2008-05-06 10:21, Nico Golde wrote:
> > >    * New upstream release.
> > >    * Add CSRF protection to user forms and control panel pages (CVE-2008-0164).
> > >      (Closes: #473571)
> > >    * debian/control: depends on libjs-prototype. (Closes: #475286)
> > 
> > What about the other CVE ids?
> 
> AFAIK, upstream simply ignored them. :-/

Then I see no reason to close the bug. Please clone one for 
the CSRF issue, close that one and leave the other open.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20080506/8585c799/attachment.pgp 


More information about the pkg-zope-developers mailing list