English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 105790 CVE descriptions
and 56160 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9736
2009-09-18 23:22:13
--------------------------------------------------------------------------------

Name        : drupal-date
Product     : Fedora 11
Version     : 6.x.2.4
Release     : 0.fc11
URL         : http://drupal.org/project/date
Summary     : This package contains both the Date module and a Date API module
Description :
The Date API is available to be used by other modules and is not dependent
on having CCK installed.  The date module is a flexible date/time field
type for the cck content module which requires the CCK content.module and
the Date API module.

--------------------------------------------------------------------------------
Update Information:

 * Advisory ID: DRUPAL-SA-CONTRIB-2009-057     ( http://drupal.org/node/579144 )
* Project: Date (third-party module)   * Version: 5.x, 6.x   * Date:
2009-September-16   * Security risk: Moderately critical   * Exploitable from:
Remote   * Vulnerability: Cross Site Scripting    -------- DESCRIPTION
---------------------------------------------------------    The Date module
provides a date CCK field that can be added to any content  type. The Date
module does not properly escape user data correctly in some  cases when setting
the page title. A malicious user with permission to post  date content could
attempt a cross site scripting [1] (XSS) attack when  creating or editing
content, leading to the user gaining full administrative  access.  --------
VERSIONS AFFECTED ---------------------------------------------------     * Date
for Drupal 6.x prior to 6.x-2.4   * Date for Drupal 6.x prior to 5.x-2.8
Drupal core is not affected. If you do not use the contributed Date module,
there is nothing you need to do.  -------- SOLUTION
------------------------------------------------------------    Upgrade to the
latest version:   * If you use Date for Drupal 6.x upgrade to Date 6.x-2.4 [2]
* If you use Date for Drupal 5.x upgrade to Date 5.x-2.8 [3]    See also the
Date project page [4].  -------- REPORTED BY
---------------------------------------------------------    The Acquia, Inc.
support team  -------- FIXED BY
------------------------------------------------------------    Karen Stevenson
[5], the project maintainer.  -------- CONTACT
-------------------------------------------------------------    The security
contact for Drupal can be reached at security at drupal.org or  via the form at
http://drupal.org/contact.    [1] http://en.wikipedia.org/wiki/Cross-
site_scripting  [2] http://drupal.org/node/579000  [3]
http://drupal.org/node/578998  [4] http://drupal.org/project/date  [5]
http://drupal.org/user/45874
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 16 2009 Jon Ciesla <limb@jcomserv.net> - 6.x.2.4-0
- Update to new version.
- Fix for DRUPAL-SA-CONTRIB-2009-057.
* Wed Jul 29 2009 Jon Ciesla <limb@jcomserv.net> - 6.x.2.3-0
- Update to new version.
- Fix for DRUPAL-SA-CONTRIB-2009-046.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.x.2.0-2.rc4.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update drupal-date' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.