[Frugalware-git] homepage-ng: FSA634-drupal

Miklos Vajna vmiklos at frugalware.org
Mon Mar 1 20:52:17 CET 2010


Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=d873ac7f7630326f90cc6a6366b712402275d852

commit d873ac7f7630326f90cc6a6366b712402275d852
Author: Miklos Vajna <vmiklos at frugalware.org>
Date:   Mon Mar 1 20:52:15 2010 +0100

FSA634-drupal

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index f94c997..22a69bf 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,18 @@

<fsas>
<fsa>
+		<id>634</id>
+		<date>2010-03-01</date>
+		<author>Miklos Vajna</author>
+		<package>drupal</package>
+		<vulnerable>5.20-1getorin1</vulnerable>
+		<unaffected>5.21-1getorin1</unaffected>
+		<bts>http://bugs.frugalware.org/task/4052</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4369</cve>
+		<desc>A vulnerability has been reported in Drupal Core, which can be exploited by malicious users to conduct script insertion attacks.
+			Input passed to the "Category" input field of the Contact module's administration form is not properly sanitised before being displayed to the user.</desc>
+	</fsa>
+	<fsa>
<id>633</id>
<date>2010-03-01</date>
<author>Miklos Vajna</author>


More information about the Frugalware-git mailing list