Olivier Berger
2009-Apr-30 07:46 UTC
[Secure-testing-team] Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag
Package: twiki
Version: 1:4.0.5-9.1etch1
Severity: grave
Tags: security
Justification: user security hole

FYI, Twiki in oldstable is affected by a security vulnerability:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339

AFAIK, there's no patch available for old versions.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages twiki depends on:
ii  apache2.2-common              2.2.11-3     Apache HTTP Server common files
ii  debconf [debconf-2.0]         1.5.26       Debian configuration management sy
pn  libalgorithm-diff-perl        <none>       (no description available)
ii  libcgi-session-perl           4.41-1       persistent session data in CGI app
ii  libdigest-sha1-perl           2.11-2+b1    NIST SHA-1 message digest algorith
ii  liberror-perl                 0.17-1       Perl module for error/exception ha
ii  libhtml-parser-perl           3.60-1       collection of modules that parse H
pn  liblocale-maketext-lexicon-p  <none>       (no description available)
pn  libtext-diff-perl             <none>       (no description available)
ii  liburi-perl                   1.37+dfsg-1  Manipulates and accesses URI strin
ii  perl [libmime-base64-perl]    5.10.0-19    Larry Wall's Practical Extraction
ii  perl-modules [libnet-perl]    5.10.0-19    Core Perl modules
ii  rcs                           5.7-24       The GNU Revision Control System

twiki recommends no packages.

Versions of packages twiki suggests:
pn  libunicode-maputf8-perl       <none>       (no description available)