Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 May 2014 16:49:08 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary
 code execution due to improper input handling in flag importer

Good morning,

Could a CVE please be assigned to 
http://seclists.org/fulldisclosure/2014/May/44 if one has not been already?

Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch 
applies, but I did not test it. For an older version, 
drupal6-flag-1.3-3.fc19 appears unaffected.

Cheers,

--
Murray McAllister / Red Hat Security Response Team

https://bugzilla.redhat.com/show_bug.cgi?id=1096604

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ