[Frugalware-security] [ FSA-242 ] drupal

vmiklos noreply at frugalware.org
Wed Aug 8 13:31:50 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-242

Date: 2007-08-08
Package: drupal
Vulnerable versions: <= 4.7.5-1
Unaffected versions: >= 4.7.7-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2295
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4064

Description
===========

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7,
(1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and
(2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.

Updated Packages
================

Check if you have drupal installed:

	# pacman-g2 -Q drupal

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy drupal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGuammZ7NElSD1VhkRAuHgAJ9LiHz0usG6tLTYkNXvD6BGbS1dBwCdEMfx
bgG/j3Tds9A3VK8ueRZDN3Q=
=RWw4
-----END PGP SIGNATURE-----
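
The PHP_SELF case from item (1), shown as an added example that is not part of the advisory and is not Drupal's code: the same form tag is built with and without output encoding. The function names and the sample request values are constructed for illustration.

```php
<?php
// Added illustration; not Drupal code. Function names are hypothetical.

// Vulnerable pattern: PHP_SELF is written into an HTML attribute as-is.
// PHP_SELF contains the script path plus any extra path text the client
// appended to it, so it is request-controlled data, not a constant.
function form_open_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function form_open_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME omits the appended path text. It is still
// encoded, because encoding belongs to the output context, not the source.
function form_open_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Constructed sample: the script path followed by extra path text that
// contains HTML metacharacters.
$server = [
    'PHP_SELF'    => '/index.php/"><em>injected</em>',
    'SCRIPT_NAME' => '/index.php',
];

// Print the three variants so the difference in the markup is visible.
echo "unsafe:      ", form_open_unsafe($server), "\n";
echo "escaped:     ", form_open_escaped($server), "\n";
echo "script name: ", form_open_script_name($server), "\n";

// Simple check a reviewer can reuse: after encoding, the attribute value
// must not contain a raw double quote or angle bracket.
$value = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
var_dump(preg_match('/["<>]/', $value) === 0);
```

In the unsafe output the quote in the path closes the `action` attribute and the `<em>` element becomes part of the page; in the other two variants it stays inside the attribute value as text.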

