On 06/25/2012 01:18 AM, Daenyth wrote:
On Sun, Jun 24, 2012 at 11:45 AM, Dave Reisner <[email protected]> wrote:
On Sun, Jun 24, 2012 at 04:55:39PM +0200, Lukas Fleischer wrote:
Hi!
I just wanted to let everybody know that I'm about to apply a patch to
our AUR setup that fixes some CSRF vulnerabilities. This will probably
break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR
helpers, that only make use of the RPC interface, won't be affected.
I recommend using the web interface until the affected programs are
fixed.
burp 1.6.9 deals with this. Coming soon to an [extra] mirror near you.
Cheers,
dave
*buuuurp*. Tasty!
Does this break just AUR uploaders, or AUR install helpers too i.e.
cower, aurget etc.?
