-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-07-28 08:49:08 UTC
-
mfrom:
(125.1.3 maverick-proposed)
-
Revision ID:
james.westby@ubuntu.com-20110728084908-1wiq3wgb1iboe179
Tags: 2:3.5.4~dfsg-1ubuntu8.5
* SECURITY UPDATE: cross-site scripting in SWAT
- debian/patches/CVE-2011-2694.patch: don't display username in
source3/web/swat.c.
- CVE-2011-2694
* SECURITY UPDATE: cross-site request forgery in SWAT
- debian/patches/CVE-2011-2522.patch: implement nonce in
source3/web/{cgi.c,statuspage.c,swat.c,swat_proto.h}.
- CVE-2011-2522