Hi Luigi,
* Luigi Gangitano <[EMAIL PROTECTED]> [2008-10-08 19:02]:
> >
> tags 501063 +wontfix
>
> Upstream doesn't consider this a drupal issue and have not published a fix
> yet.
> See
>
> http://int21.de/cve/CVE-2008-3661-drupal.html
>
> for details.
It should still be no big deal to use
tags 501063 +wontfix
thanks
Upstream doesn't consider this a drupal issue and have not published a
fix yet. See
http://int21.de/cve/CVE-2008-3661-drupal.html
for details.
Regards,
L
--
Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB
Package: drupal6
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for drupal6.
CVE-2008-3661[0]:
| Drupal, probably 5.10 and 6.4, does not set the secure flag for the
| session cookie in an https session, which can cause the cookie to
3 matches
Mail list logo
