Upstream released GLPI 0.83.3 [1] which fixes a CSRF flaw (CVE-2012-4002) [2],[3] fixed in r18770 [4] and some XSS flaws (CVE-2012-4003) [4]. Patches are referenced in the noted bug reports. [1] https://forge.indepnet.net/projects/glpi/versions/771 [2] https://forge.indepnet.net/issues/3704 [3] https://forge.indepnet.net/issues/3707 [4] https://forge.indepnet.net/issues/3705