aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2008-10-23 04:55:59 +0800
committerdelphij <delphij@FreeBSD.org>2008-10-23 04:55:59 +0800
commitd7a7f323b9283829c35c0665b9512b94f154e46c (patch)
treec020581b055ccf13b3ca20f76b59955edf0ed550 /security
parent0df2e7f9581c0aba98a163ba238b09ba5b9a7c2c (diff)
downloadfreebsd-ports-graphics-d7a7f323b9283829c35c0665b9512b94f154e46c.tar.gz
freebsd-ports-graphics-d7a7f323b9283829c35c0665b9512b94f154e46c.tar.zst
freebsd-ports-graphics-d7a7f323b9283829c35c0665b9512b94f154e46c.zip
Document drupal multiple vulnerabilities.
Submitted by: Nick Hilliard <nick foobar org>
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml38
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4772d693022..6c90ce42c46 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="706c9eef-a077-11dd-b413-001372fd0af2">
+ <topic>drupal -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.12</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Drupal Project reports:</p>
+ <blockquote cite="http://drupal.org/node/324824">
+ <p>On a server configured for IP-based virtual hosts, Drupal may be
+ caused to include and execute specifically named files outside
+ of its root directory. This bug affects both Drupal 5 and
+ Drupal 6.</p>
+ <p>The title of book pages is not always properly escaped, enabling
+ users with the "create book content" permission or the
+ permission to edit any node in the book hierarchy to insert
+ arbitrary HTML and script code into pages. Such a Cross site
+ scripting attack may lead to the attacker gaining administrator
+ access. This bug affects Drupal 6.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://drupal.org/node/324824</url>
+ </references>
+ <dates>
+ <discovery>2008-10-22</discovery>
+ <entry>2008-10-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="06eac338-9ddf-11dd-813f-000e35248ad7">
<topic>libxine -- denial of service vulnerability</topic>
<affects>