Name: CVE-2009-0483 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0483 Assigned: 20090209 Reference: CONFIRM: http://www.bugzilla.org/security/2.22.6/ Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=466692 Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=472362 Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.
bugzilla-3.2.2-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc9
bugzilla-3.2.2-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc10
Fixed via: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2417 https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2418
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.2.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.