Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=8cdf57d01f42b9996247aa3ee1847cc7cde8c7b5
commit 8cdf57d01f42b9996247aa3ee1847cc7cde8c7b5 Author: Miklos Vajna <vmik...@frugalware.org> Date: Sun Aug 22 22:32:50 2010 +0200 FSA691-drupal6-devel diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 1227c12..ed8c2dd 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,19 @@ <fsas> <fsa> + <id>691</id> + <date>2010-08-22</date> + <author>Miklos Vajna</author> + <package>drupal6-devel</package> + <vulnerable>6.x_1.18-1</vulnerable> + <unaffected>6.x_1.21-1locris1</unaffected> + <bts>http://bugs.frugalware.org/task/4290</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3022</cve> + <desc>A vulnerability has been reported in the Devel (Performance logging) module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. + Certain input passed via node paths is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. + Successful exploitation requires that the attacker has permissions to add url aliases and the victim has access to the reports of the performance module.</desc> + </fsa> + <fsa> <id>690</id> <date>2010-08-22</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git