Viewing all changes in revision 42.
- Committer: Package Import Robot
- Date: 2014-02-20 13:33:07 UTC
- Revision ID: package-import@ubuntu.com-20140220133307-p9r5z5mjwgwgesop
* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
OSA-2014-01:
An attacker that managed to take over the session of a logged in customer
could create tickets and/or send follow-ups to existing tickets due to
missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
OSA-2014-02:
An attacker with a valid customer or agent login could inject SQL in
the ticket search URL.
OSA-2014-01:
An attacker that managed to take over the session of a logged in customer
could create tickets and/or send follow-ups to existing tickets due to
missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
OSA-2014-02:
An attacker with a valid customer or agent login could inject SQL in
the ticket search URL.
- files added:
- .pc/23-security-osa-2014-01.diff
- .pc/23-security-osa-2014-01.diff/Kernel
- .pc/23-security-osa-2014-01.diff/Kernel/Modules
- .pc/23-security-osa-2014-01.diff/Kernel/Output
- .pc/23-security-osa-2014-01.diff/Kernel/Output/HTML
- .pc/24-security-osa-2014-02.diff
- .pc/24-security-osa-2014-02.diff/Kernel
- .pc/24-security-osa-2014-02.diff/Kernel/System
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
