Date: Mon, 12 May 2014 16:49:08 +1000 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer Good morning, Could a CVE please be assigned to http://seclists.org/fulldisclosure/2014/May/44 if one has not been already? Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch applies, but I did not test it. For an older version, drupal6-flag-1.3-3.fc19 appears unaffected. Cheers, -- Murray McAllister / Red Hat Security Response Team https://bugzilla.redhat.com/show_bug.cgi?id=1096604
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ