[Frugalware-git] homepage-ng: FSA691-drupal6-devel
Miklos Vajna
vmiklos at frugalware.org
Sun Aug 22 22:32:52 CEST 2010
Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=8cdf57d01f42b9996247aa3ee1847cc7cde8c7b5
commit 8cdf57d01f42b9996247aa3ee1847cc7cde8c7b5
Author: Miklos Vajna <vmiklos at frugalware.org>
Date: Sun Aug 22 22:32:50 2010 +0200
FSA691-drupal6-devel
diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 1227c12..ed8c2dd 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@
<fsas>
<fsa>
+ <id>691</id>
+ <date>2010-08-22</date>
+ <author>Miklos Vajna</author>
+ <package>drupal6-devel</package>
+ <vulnerable>6.x_1.18-1</vulnerable>
+ <unaffected>6.x_1.21-1locris1</unaffected>
+ <bts>http://bugs.frugalware.org/task/4290</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3022</cve>
+ <desc>A vulnerability has been reported in the Devel (Performance logging) module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
+ Certain input passed via node paths is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
+ Successful exploitation requires that the attacker has permissions to add url aliases and the victim has access to the reports of the performance module.</desc>
+ </fsa>
+ <fsa>
<id>690</id>
<date>2010-08-22</date>
<author>Miklos Vajna</author>
More information about the Frugalware-git
mailing list