187162 – www-apps/drupal XSS and cross-site request forgery vulnerabilities

Bug 187162 - www-apps/drupal XSS and cross-site request forgery vulnerabilities

Summary: www-apps/drupal XSS and cross-site request forgery vulnerabilities

Status:	RESOLVED DUPLICATE of bug 186884

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-07-30 18:56 UTC by Matt Fleming (RETIRED)
Modified:	2007-07-30 18:58 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Fleming (RETIRED) gentoo-dev

2007-07-30 18:56:50 UTC

The Drupal Security Team have released two advisories,

1. http://drupal.org/files/sa-2007-017/advisory.txt
2. http://drupal.org/files/sa-2007-018/advisory.txt

The first details a cross-site request forgery vuln that effects drupal 
5.x before 5.2. The second details a XSS vuln that effects drupal 5.x 
before 5.2 and drupal 4.7.x before 4.7.7

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-07-30 18:58:22 UTC


*** This bug has been marked as a duplicate of bug 186884 ***