Это список объявлений о безопасности, который был выпущен для текущей стабильной версии Frugalware
| Пакет: | drupal6 |
| Дата: | 2012-02-05 |
| Опубликовано: | Miklos Vajna |
| Уязвимая версия: | 6.22-1 |
| Неподверженная уязвимости версия: | 6.24-1mores1 |
| Запись в трекере ошибок: | https://bugs.frugalware.org/ticket/4654 |
| CVE: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827 |
| Описание: | A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted. |













