Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1213 to the following vulnerability: Name: CVE-2009-1213 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1213 Assigned: 20090331 Reference: CONFIRM: http://www.bugzilla.org/security/3.2.2/ Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=476603 Reference: BID:34308 Reference: URL: http://www.securityfocus.com/bid/34308 Reference: SECUNIA:34545 Reference: URL: http://secunia.com/advisories/34545 Reference: SECUNIA:34547 Reference: URL: http://secunia.com/advisories/34547 Reference: VUPEN:ADV-2009-0887 Reference: URL: http://www.vupen.com/english/advisories/2009/0887 Reference: XF:bugzilla-attachment-csrf(49524) Reference: URL: http://xforce.iss.net/xforce/xfdb/49524 Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
bugzilla-3.2.3-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/bugzilla-3.2.3-1.fc9
bugzilla-3.2.3-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/bugzilla-3.2.3-1.fc10
bugzilla-3.2.3-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.2.3-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.