commit db6a344cd6ba1c11d18801590293f00bf23b2b60
Author: Miklos Vajna <>
Date:   Mon May 17 00:04:43 2010 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index cbfc48b..f139714 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@

+               <id>671</id>
+               <date>2010-05-17</date>
+               <author>Miklos Vajna</author>
+               <package>drupal6-filefield</package>
+               <vulnerable>6.x_3.2-1</vulnerable>
+               <unaffected>6.x_3.3-1locris1</unaffected>
+               <bts></bts>
+               <cve>No CVE references, see</cve>
+               <desc>A security issue has been reported in the FileField 
module for Drupal, which potentially can be exploited by malicious users to 
compromise a vulnerable system.
+                       The security issue exists due to improper creation of a 
default extension for a new file field when the field configuration page is not 
saved and can be exploited to upload arbitrary files to a directory inside the 
+                       Successful exploitation may allow execution of 
arbitrary PHP code but requires "create" or "edit" permission for the file 
+       </fsa>
+       <fsa>
<author>Miklos Vajna</author>
Frugalware-git mailing list

Reply via email to