Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=db6a344cd6ba1c11d18801590293f00bf23b2b60
commit db6a344cd6ba1c11d18801590293f00bf23b2b60 Author: Miklos Vajna <vmik...@frugalware.org> Date: Mon May 17 00:04:43 2010 +0200 FSA671-drupal6-filefield diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index cbfc48b..f139714 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,19 @@ <fsas> <fsa> + <id>671</id> + <date>2010-05-17</date> + <author>Miklos Vajna</author> + <package>drupal6-filefield</package> + <vulnerable>6.x_3.2-1</vulnerable> + <unaffected>6.x_3.3-1locris1</unaffected> + <bts>http://bugs.frugalware.org/task/4207</bts> + <cve>No CVE references, see http://drupal.org/node/791050.</cve> + <desc>A security issue has been reported in the FileField module for Drupal, which potentially can be exploited by malicious users to compromise a vulnerable system. + The security issue exists due to improper creation of a default extension for a new file field when the field configuration page is not saved and can be exploited to upload arbitrary files to a directory inside the webroot. + Successful exploitation may allow execution of arbitrary PHP code but requires "create" or "edit" permission for the file field.</desc> + </fsa> + <fsa> <id>670</id> <date>2010-05-17</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
