Bug#695348: collabtive: XSS and CSRF issues

2014-12-28 Thread Moritz Mühlenhoff
On Tue, Dec 09, 2014 at 08:56:21PM -0600, Gunnar Wolf wrote: > Moritz Mühlenhoff dijo [Tue, Dec 09, 2014 at 10:17:14PM +0100]: > > > > I'm getting in touch with the authors right now. Thanks! > > > > > > http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=8479 > > > > Gunnar, > > is this fixed

Bug#695348: collabtive: XSS and CSRF issues

2014-12-09 Thread Gunnar Wolf
Moritz Mühlenhoff dijo [Tue, Dec 09, 2014 at 10:17:14PM +0100]: > > > I'm getting in touch with the authors right now. Thanks! > > > > http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=8479 > > Gunnar, > is this fixed in the version in jessie? Sorry for the delay for this reply! I can confi

Bug#695348: collabtive: XSS and CSRF issues

2014-12-09 Thread Moritz Mühlenhoff
On Thu, Jan 10, 2013 at 04:47:35PM -0600, Gunnar Wolf wrote: > > FWIW the exploit-db webpage points at three different problems, two > > XSS and one CSRF. The XSS are not present in collabtive 0.7.6, but the > > CSRF is. > > > > I'm getting in touch with the authors right now. Thanks! > > http://

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
> FWIW the exploit-db webpage points at three different problems, two > XSS and one CSRF. The XSS are not present in collabtive 0.7.6, but the > CSRF is. > > I'm getting in touch with the authors right now. Thanks! http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=8479 -- To UNSUBSCRIBE, e

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
> > Two CVE's were assigned recently for 'ancient' Collabtive security issues: > > > > CVE-2010-5284 > > http://www.exploit-db.com/exploits/15240 > > > > CVE-2010-5285 > > http://www.exploit-db.com/exploits/15240 FWIW the exploit-db webpage points at three different problems, two XSS and one CSR

Bug#695348: collabtive: XSS and CSRF issues

2013-01-10 Thread Gunnar Wolf
Moritz Mühlenhoff dijo [Sun, Dec 30, 2012 at 02:23:51PM +0100]: > (...) > > Two CVE's were assigned recently for 'ancient' Collabtive security issues: > (...) > > Can you please check and verify that these old issues have been fixed in > > the mean time? > > Gunnar, did you in touch with upstream?

Bug#695348: collabtive: XSS and CSRF issues

2012-12-30 Thread Moritz Mühlenhoff
On Fri, Dec 07, 2012 at 01:59:50PM +0100, Thijs Kinkhorst wrote: > Package: collabtive > Severity: important > Tags: security > > Hi, > > Two CVE's were assigned recently for 'ancient' Collabtive security issues: > > CVE-2010-5284 > http://www.exploit-db.com/exploits/15240 > > CVE-2010-5285 > h

Bug#695348: collabtive: XSS and CSRF issues

2012-12-07 Thread Thijs Kinkhorst
Package: collabtive Severity: important Tags: security Hi, Two CVE's were assigned recently for 'ancient' Collabtive security issues: CVE-2010-5284 http://www.exploit-db.com/exploits/15240 CVE-2010-5285 http://www.exploit-db.com/exploits/15240 Can you please check and verify that these old iss