webauth 3.6.2-1 source package in Debian
Changelog
webauth (3.6.2-1) unstable; urgency=high * New upstream release. - CVE-2009-2945: When generating a redirect to test for cookie support, be sure not to include a password in the URL. Reject username/password logins via methods other than POST. - If the user submits the login form via POST without the test cookie, assume the browser supports cookies and don't probe. - New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck) to find passwords exposed by CVE-2009-2945. -- Russ Allbery <email address hidden> Tue, 08 Sep 2009 15:30:20 -0700
Upload details
- Uploaded by:
- Russ Allbery
- Uploaded to:
- Sid
- Original maintainer:
- Russ Allbery
- Architectures:
- any
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
webauth_3.6.2-1.dsc | 1.3 KiB | cb0972584b529db94f469f8f6e0107271ba8e53ca69ed6c5d96deb71f6c93364 |
webauth_3.6.2.orig.tar.gz | 655.2 KiB | e5a448abbe091e4e77113cfafa02257cfc05ead1767d17540e3628a272239b6c |
webauth_3.6.2-1.diff.gz | 17.0 KiB | 8a35fa549a12c64c83d89834af1163da910ee71ae9b5f35b171c859ed35d3084 |
No changes file available.