Mandriva Linux Security Advisory MDVSA-2012:181
http://www.mandriva.com/security/
View online: http://drupal.org/SA-CORE-2012-004
* Advisory ID: DRUPAL-SA-CORE-2012-004
* Project: Drupal core [1]
* Version: 6.x, 7.x
* Date: 2012-December-19
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass, Arbitrary PHP code
View online: http://drupal.org/node/1870550
* Advisory ID: DRUPAL-SA-CONTRIB-2012-174
* Project: Context [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-12-19
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
After reading through such an extensive credit list in the form of
Reported by, Fixed by, Coordinated by, one wonders when we'll see
the Introduced by in the Drupal patch announcements?
http://blog.zoller.lu
REPORTED BY
--
FIXED BY
In regards to the code exec;
Ever heard of whitelisting?
On 19 Dec 2012 at 14:39, security-n...@drupal.org wrote:
View online: http://drupal.org/SA-CORE-2012-004
* Advisory ID: DRUPAL-SA-CORE-2012-004
* Project: Drupal core [1]
* Version: 6.x, 7.x
* Date: 2012-December-19
*