Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 May 2014 16:49:08 +1000
From: Murray McAllister <>
Subject: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary
 code execution due to improper input handling in flag importer

Good morning,

Could a CVE please be assigned to if one has not been already?

Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch 
applies, but I did not test it. For an older version, 
drupal6-flag-1.3-3.fc19 appears unaffected.


Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ