Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=4830666230dfb65272ea7d9f4424a88beeacccac

commit 4830666230dfb65272ea7d9f4424a88beeacccac
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun Aug 22 22:29:22 2010 +0200

FSA690-drupal6-cck

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index f6b58e3..1227c12 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,18 @@

<fsas>
<fsa>
+               <id>690</id>
+               <date>2010-08-22</date>
+               <author>Miklos Vajna</author>
+               <package>drupal6-cck</package>
+               <vulnerable>6.x_2.7-1locris1</vulnerable>
+               <unaffected>6.x_2.8-1locris1</unaffected>
+               <bts>http://bugs.frugalware.org/task/4289</bts>
+               <cve>No CVE, see http://drupal.org/node/880736.</cve>
+               <desc>A vulnerability has been reported in the Drupal Content 
Construction Kit (CCK), which can be exploited by malicious users to disclose 
sensitive information.
+                       The vulnerability is caused due to the CCK "Node 
Reference" not properly validating field access levels on the source field of 
the backend URL, which can be exploited to view node titles and IDs of 
otherwise restricted nodes.</desc>
+       </fsa>
+       <fsa>
<id>689</id>
<date>2010-08-22</date>
<author>Miklos Vajna</author>
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to