commit 969927110d355a45a28c89b71ffebfba26a1cb97
Author: Miklos Vajna <>
Date:   Sun Sep 27 12:23:17 2009 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index b4276a8..79a9b2b 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,21 @@

+               <id>621</id>
+               <date>2009-09-27</date>
+               <author>Miklos Vajna</author>
+               <package>drupal</package>
+               <vulnerable>5.19-1</vulnerable>
+               <unaffected>5.20-1getorin1</unaffected>
+               <bts></bts>
+               <cve>No CVE references, see</cve>
+               <desc>Some vulnerabilities have been reported in Drupal, which 
can be exploited by malicious users to hijack accounts and compromise a 
vulnerable system, and by malicious people to conduct cross-site request 
forgery attacks.
+                       1) The OpenID module allows users to perform certain 
actions via HTTP requests without performing any validation checks to verify 
the requests. This can be exploited to e.g. add OpenID identities to existing 
+                       2) An unspecified error within the OpenID 
Authentication 2.0 implementation can be exploited to hijack another user's 
account if the same OpenID 2.0 provider is used.
+                       3) An error within the File API when processing certain 
file extensions can be exploited to e.g. upload files which can be executed by 
the web server.
+                       Note: Successful exploitation requires that the web 
server is configured to ignore Drupal's ".htaccess" file.</desc>
+       </fsa>
+       <fsa>
<author>Miklos Vajna</author>
Frugalware-git mailing list

Reply via email to