Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=8321d0d519603d8169a0c5c4e6b0345b497d888f
commit 8321d0d519603d8169a0c5c4e6b0345b497d888f Author: Miklos Vajna <[email protected]> Date: Mon Mar 1 20:54:30 2010 +0100 FSA635-drupal6 diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 22a69bf..5ea72a0 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,22 @@ <fsas> <fsa> + <id>635</id> + <date>2010-03-01</date> + <author>Miklos Vajna</author> + <package>drupal6</package> + <vulnerable>6.14-1getorin1</vulnerable> + <unaffected>6.15-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4053</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4369 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4370</cve> + <desc>Some vulnerabilities have been reported in Drupal Core, which can be exploited by malicious users to conduct script insertion attacks. + 1) Input passed to the "Category" input field of the Contact module's administration page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + Successful exploitation requires the "administer site-wide contact form" privilege. + 2) Certain unspecified input passed to the Menu module's administration page is not properly sanitised before being displayed in the menu administration overview. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + Successful exploitation requires the privilege to create new menus.</desc> + </fsa> + <fsa> <id>634</id> <date>2010-03-01</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
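Review bot: the `<cve>` element of the new FSA 635 entry holds two URLs (CVE-2009-4369 and CVE-2009-4370) in a single element, separated only by a line break and indentation, so any consumer of security.xml that takes the element text as one link target will produce a broken URL. Please confirm that whatever renders this file splits `<cve>` content on whitespace, or give each CVE its own element if the format allows it. The same whitespace dependence applies to `<desc>`: items 1) and 2) and their "Successful exploitation requires ..." lines are separated only by newlines and will run together into one paragraph if whitespace is collapsed on output.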
