DRUPAL-SA-CONTRIB-2009-088: "Names of workflows and workflow states are not sanitised to display as plain text, leading to a Cross Site Scripting vulnerability. Exploiting this vulnerability would allow a malicious user to gain full administrative access. Mitigating factors: A malicious user would need 'administer workflow' permission to carry out the cross-site-scripting attack."
Cheers, Stephan Index: Makefile =================================================================== RCS file: /cvs/ports/www/drupal6/workflow/Makefile,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile --- Makefile 15 Aug 2009 12:56:30 -0000 1.1.1.1 +++ Makefile 29 Oct 2009 07:51:33 -0000 @@ -2,8 +2,8 @@ COMMENT = create and assign arbitrary workflows to node types -DISTNAME = workflow-6.x-1.1 -PKGNAME = drupal6-workflow-1.1 +DISTNAME = workflow-6.x-1.2 +PKGNAME = drupal6-workflow-1.2 MAINTAINER= Stephan A. Rickauer <stephan.ricka...@startek.ch> Index: distinfo =================================================================== RCS file: /cvs/ports/www/drupal6/workflow/distinfo,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 distinfo --- distinfo 15 Aug 2009 12:56:30 -0000 1.1.1.1 +++ distinfo 29 Oct 2009 07:51:33 -0000 @@ -1,5 +1,5 @@ -MD5 (drupal6/workflow-6.x-1.1.tar.gz) = g8aJpzL0aFO2ivNfwtGOdg== -RMD160 (drupal6/workflow-6.x-1.1.tar.gz) = u3+vpf/2q/btYTMK3nTOjdf8Vi0= -SHA1 (drupal6/workflow-6.x-1.1.tar.gz) = 0XhIvuakqKRFOKObSGNOoJb69u8= -SHA256 (drupal6/workflow-6.x-1.1.tar.gz) = 7xMWTzAsWu39KWPeoiVFLvdLKFKcnra/v8TS5W495bQ= -SIZE (drupal6/workflow-6.x-1.1.tar.gz) = 55137 +MD5 (drupal6/workflow-6.x-1.2.tar.gz) = dwzdohJkzgiKWKiWuBdUfw== +RMD160 (drupal6/workflow-6.x-1.2.tar.gz) = rreHZLKMe0QrLhRDn/b8JfRAcLw= +SHA1 (drupal6/workflow-6.x-1.2.tar.gz) = JwKB4weG9IrX9jSriLEtFX/uq+I= +SHA256 (drupal6/workflow-6.x-1.2.tar.gz) = iNv5csL3hU5KYx5Y2HhespuXkWy5ZHEMNs39BQ7+6C8= +SIZE (drupal6/workflow-6.x-1.2.tar.gz) = 55262
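Review bot: The Makefile hunk changes only DISTNAME and PKGNAME from 1.1 to 1.2, and nothing in the diff records that this is a security update. The message quotes DRUPAL-SA-CONTRIB-2009-088 as the reason for the bump, so the commit message should cite that advisory ID, which keeps the XSS fix traceable from the port history.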
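Review bot: The distinfo hunk replaces all four digests and SIZE (55137 to 55262) in one go, and the patch alone gives no way to confirm that they match the upstream workflow-6.x-1.2.tar.gz. Before committing, fetch the tarball independently of the submitter's copy, run make makesum, and check that the regenerated distinfo is identical to the + lines here. For a security update, distinfo is the integrity anchor for everyone who builds the port.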