FYI:
Patch aproach for hotfix are avaialble, but any actual patch is not written.
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339#Minimal_Hotfix_for_TWiki_Product
Aproachs are:
1) changing twiki-apache conf (/etc/twiki/apache.conf), it prevent from GET
access
for sensitive previledged pages.
2) changing templates files. it minimal included:
* twiki/templates/messages.tmpl
* twiki/templates/oopsmore.tmpl
* twiki/templates/registerconfirm.tmpl
--
TWiki 4.1.x CSRF vulnerability (CVE-2009-1339)
https://bugs.launchpad.net/bugs/383085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs