DRUPAL-SA-CONTRIB-2009-088:

"Names of workflows and workflow states are not sanitised to display
as plain text, leading to a Cross Site Scripting vulnerability.
Exploiting this vulnerability would allow a malicious user to gain full
administrative access. Mitigating factors: A malicious user would need
'administer workflow' permission to carry out the cross-site-scripting
attack."

Cheers,
Stephan


Index: Makefile
===================================================================
RCS file: /cvs/ports/www/drupal6/workflow/Makefile,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 Makefile
--- Makefile    15 Aug 2009 12:56:30 -0000      1.1.1.1
+++ Makefile    29 Oct 2009 07:51:33 -0000
@@ -2,8 +2,8 @@
 
 COMMENT =      create and assign arbitrary workflows to node types
 
-DISTNAME =     workflow-6.x-1.1
-PKGNAME =      drupal6-workflow-1.1
+DISTNAME =     workflow-6.x-1.2
+PKGNAME =      drupal6-workflow-1.2
 
 MAINTAINER=     Stephan A. Rickauer <stephan.ricka...@startek.ch>
 
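Review bot: The DISTNAME and PKGNAME bump from 1.1 to 1.2 carries nothing that marks it as a security update. Since the mail ties the change to DRUPAL-SA-CONTRIB-2009-088, the commit message should cite that advisory ID so the update can be identified later as the cross-site scripting fix.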
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/drupal6/workflow/distinfo,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 distinfo
--- distinfo    15 Aug 2009 12:56:30 -0000      1.1.1.1
+++ distinfo    29 Oct 2009 07:51:33 -0000
@@ -1,5 +1,5 @@
-MD5 (drupal6/workflow-6.x-1.1.tar.gz) = g8aJpzL0aFO2ivNfwtGOdg==
-RMD160 (drupal6/workflow-6.x-1.1.tar.gz) = u3+vpf/2q/btYTMK3nTOjdf8Vi0=
-SHA1 (drupal6/workflow-6.x-1.1.tar.gz) = 0XhIvuakqKRFOKObSGNOoJb69u8=
-SHA256 (drupal6/workflow-6.x-1.1.tar.gz) = 
7xMWTzAsWu39KWPeoiVFLvdLKFKcnra/v8TS5W495bQ=
-SIZE (drupal6/workflow-6.x-1.1.tar.gz) = 55137
+MD5 (drupal6/workflow-6.x-1.2.tar.gz) = dwzdohJkzgiKWKiWuBdUfw==
+RMD160 (drupal6/workflow-6.x-1.2.tar.gz) = rreHZLKMe0QrLhRDn/b8JfRAcLw=
+SHA1 (drupal6/workflow-6.x-1.2.tar.gz) = JwKB4weG9IrX9jSriLEtFX/uq+I=
+SHA256 (drupal6/workflow-6.x-1.2.tar.gz) = 
iNv5csL3hU5KYx5Y2HhespuXkWy5ZHEMNs39BQ7+6C8=
+SIZE (drupal6/workflow-6.x-1.2.tar.gz) = 55262
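Review bot: Both SHA256 lines in this hunk were wrapped by the mailer, leaving the digest on a continuation line with no leading "-" or "+", so the hunk no longer matches its "@@ -1,5 +1,5 @@" line counts and will not apply as mailed. Resend the diff as an attachment, or have the committer regenerate distinfo with "make makesum" after fetching workflow-6.x-1.2.tar.gz and compare the result against the values posted here.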

