Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=27f2c5d3874a58b57f86ff9f1f5c8a40c593e904
commit 27f2c5d3874a58b57f86ff9f1f5c8a40c593e904 Author: voroskoi <[EMAIL PROTECTED]> Date: Tue Jan 15 19:41:31 2008 +0100 FSA341-drupal diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 4998801..9c4c370 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,19 @@ <fsas> <fsa> + <id>341</id> + <date>2008-01-15</date> + <author>voroskoi</author> + <package>drupal</package> + <vulnerable>5.2-2sayshell1</vulnerable> + <unaffected>5.2-2sayshell2</unaffected> + <bts>http://bugs.frugalware.org/task/2620</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6299</cve> + <desc>A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct SQL injection attacks. + Input passed to the "taxonomy_select_nodes()" function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. + Successful exploitation requires that a module that passes unsanitised data to "taxonomy_select_nodes()" is installed.</desc> + </fsa> + <fsa> <id>340</id> <date>2008-01-15</date> <author>voroskoi</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
