commit 8cdf57d01f42b9996247aa3ee1847cc7cde8c7b5
Author: Miklos Vajna <>
Date:   Sun Aug 22 22:32:50 2010 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 1227c12..ed8c2dd 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@

+               <id>691</id>
+               <date>2010-08-22</date>
+               <author>Miklos Vajna</author>
+               <package>drupal6-devel</package>
+               <vulnerable>6.x_1.18-1</vulnerable>
+               <unaffected>6.x_1.21-1locris1</unaffected>
+               <bts></bts>
+               <desc>A vulnerability has been reported in the Devel 
(Performance logging) module for Drupal, which can be exploited by malicious 
users to conduct script insertion attacks.
+                       Certain input passed via node paths is not properly 
sanitised before being displayed to the user. This can be exploited to insert 
arbitrary HTML and script code, which will be executed in a user's browser 
session in context of an affected site when the malicious data is being viewed.
+                       Successful exploitation requires that the attacker has 
permissions to add url aliases and the victim has access to the reports of the 
performance module.</desc>
+       </fsa>
+       <fsa>
<author>Miklos Vajna</author>
Frugalware-git mailing list

Reply via email to