webauth 3.6.2-1 source package in Debian
Changelog
webauth (3.6.2-1) unstable; urgency=high
* New upstream release.
- CVE-2009-2945: When generating a redirect to test for cookie
support, be sure not to include a password in the URL. Reject
username/password logins via methods other than POST.
- If the user submits the login form via POST without the test cookie,
assume the browser supports cookies and don't probe.
- New script (in /usr/share/doc/webauth-weblogin/weblogin-passcheck)
to find passwords exposed by CVE-2009-2945.
-- Russ Allbery <email address hidden> Tue, 08 Sep 2009 15:30:20 -0700
Upload details
- Uploaded by:
- Russ Allbery
- Uploaded to:
- Sid
- Original maintainer:
- Russ Allbery
- Architectures:
- any
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| webauth_3.6.2-1.dsc | 1.3 KiB | cb0972584b529db94f469f8f6e0107271ba8e53ca69ed6c5d96deb71f6c93364 |
| webauth_3.6.2.orig.tar.gz | 655.2 KiB | e5a448abbe091e4e77113cfafa02257cfc05ead1767d17540e3628a272239b6c |
| webauth_3.6.2-1.diff.gz | 17.0 KiB | 8a35fa549a12c64c83d89834af1163da910ee71ae9b5f35b171c859ed35d3084 |
No changes file available.
