commit 2bc78815ddcb3e15ec17d554bc08a754147b52e7
Author: Miklos Vajna <>
Date:   Sun Aug 22 20:45:07 2010 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index aefa9d2..512117c 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,20 @@

+               <id>686</id>
+               <date>2010-08-22</date>
+               <author>Miklos Vajna</author>
+               <package>drupal</package>
+               <vulnerable>5.22-2locris1</vulnerable>
+               <unaffected>5.23-1locris1</unaffected>
+               <bts></bts>
+               <cve>No CVE, see</cve>
+               <desc>A weakness and a vulnerability have been reported in 
Drupal, which can be exploited by malicious users to conduct script insertion 
attacks, and by malicious users and malicious people to bypass certain security 
+                       1) The weakness is caused due to an error in the upload 
module, which does not properly check uploaded file names for case sensitivity 
and grants access to the earlier uploaded file. This can be exploited to 
download otherwise restricted files by uploading similarly named file with 
different letter casing.
+                       2) An error in the comment module does not properly 
check for access permissions before republishing previously unpublished 
+                       Successful exploitation of this vulnerability requires 
"post comments without approval" permissions.</desc>
+       </fsa>
+       <fsa>
<author>Miklos Vajna</author>
Frugalware-git mailing list

Reply via email to