advisories/20475.adv

type: security
subject: Updated deluge packages fix security vulnerability
src:
  5:
   core:
     - deluge-1.3.11-1.1.mga5
description: |
  Updated deluge package fixes a CSRF (Cross-site request forgery)
  vulnerability using upstream patch. Cross-Site Request Forgery (CSRF) is
  an attack that forces an end user to execute unwanted actions on a web
  application in which they're currently authenticated. CSRF attacks
  specifically target state-changing requests, not theft of data, since the
  attacker has no way to see the response to the forged request.[*]
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20475
 - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
 - https://bugzilla.redhat.com/show_bug.cgi?id=1429449
ID: MGASA-2017-0095
1	type: security
2	subject: Updated deluge packages fix security vulnerability
3	src:
4	5:
5	core:
6	- deluge-1.3.11-1.1.mga5
7	description: \|
8	Updated deluge package fixes a CSRF (Cross-site request forgery)
9	vulnerability using upstream patch. Cross-Site Request Forgery (CSRF) is
10	an attack that forces an end user to execute unwanted actions on a web
11	application in which they're currently authenticated. CSRF attacks
12	specifically target state-changing requests, not theft of data, since the
13	attacker has no way to see the response to the forged request.[*]
14	references:
15	- https://bugs.mageia.org/show_bug.cgi?id=20475
16	- https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
17	- https://bugzilla.redhat.com/show_bug.cgi?id=1429449
18	ID: MGASA-2017-0095