[aur-general] [HEADS-UP] Breaking AUR helpers

Dave Reisner d at falconindy.com
Sun Jun 24 11:45:32 EDT 2012


On Sun, Jun 24, 2012 at 04:55:39PM +0200, Lukas Fleischer wrote:
> Hi!
> 
> I just wanted to let everybody know that I'm about to apply a patch to
> our AUR setup that fixes some CSRF vulnerabilities. This will probably
> break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR
> helpers, that only make use of the RPC interface, won't be affected.
> 
> I recommend using the web interface until the affected programs are
> fixed.

burp 1.6.9 deals with this. Coming soon to an [extra] mirror near you.

Cheers,
dave


More information about the aur-general mailing list