FYI:
Patch aproach for hotfix are avaialble, but any actual patch is not written.
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339#Minimal_Hotfix_for_TWiki_Product

Aproachs are:
  1) changing twiki-apache conf (/etc/twiki/apache.conf), it prevent from GET 
access
     for sensitive previledged pages.
  2) changing templates files. it minimal included:
    * twiki/templates/messages.tmpl
    * twiki/templates/oopsmore.tmpl
    * twiki/templates/registerconfirm.tmpl

-- 
TWiki 4.1.x CSRF vulnerability (CVE-2009-1339)
https://bugs.launchpad.net/bugs/383085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to