[aur-general] [HEADS-UP] Breaking AUR helpers
gosha.tugai at gmail.com
Mon Jun 25 00:26:55 EDT 2012
On 06/25/2012 01:18 AM, Daenyth wrote:
> On Sun, Jun 24, 2012 at 11:45 AM, Dave Reisner <d at falconindy.com> wrote:
>> On Sun, Jun 24, 2012 at 04:55:39PM +0200, Lukas Fleischer wrote:
>>> I just wanted to let everybody know that I'm about to apply a patch to
>>> our AUR setup that fixes some CSRF vulnerabilities. This will probably
>>> break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR
>>> helpers, that only make use of the RPC interface, won't be affected.
>>> I recommend using the web interface until the affected programs are
>> burp 1.6.9 deals with this. Coming soon to an [extra] mirror near you.
> *buuuurp*. Tasty!
Does this break just AUR uploaders, or AUR install helpers too i.e.
cower, aurget etc.?
More information about the aur-general