Parent Directory | Revision Log
MGASA-2017-0095: deluge-1.3.11-1.1.mga5
1 | type: security |
2 | subject: Updated deluge packages fix security vulnerability |
3 | src: |
4 | 5: |
5 | core: |
6 | - deluge-1.3.11-1.1.mga5 |
7 | description: | |
8 | Updated deluge package fixes a CSRF (Cross-site request forgery) |
9 | vulnerability using upstream patch. Cross-Site Request Forgery (CSRF) is |
10 | an attack that forces an end user to execute unwanted actions on a web |
11 | application in which they're currently authenticated. CSRF attacks |
12 | specifically target state-changing requests, not theft of data, since the |
13 | attacker has no way to see the response to the forged request.[*] |
14 | references: |
15 | - https://bugs.mageia.org/show_bug.cgi?id=20475 |
16 | - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) |
17 | - https://bugzilla.redhat.com/show_bug.cgi?id=1429449 |
18 | ID: MGASA-2017-0095 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |