* Advisory ID: DRUPAL-SA-CONTRIB-2010-101
* Project: Watcher
* Version: 5.x, 6.x
* Date: 2010-October-27
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Cross-site Scripting and Cross-site Request Forgery
-------- DESCRIPTION ---------------------------------------------------------
The Watcher module lets users subscribe to nodes so they receive email
notifications when comments are posted or nodes are changed. The Watcher
module did not sanitize some of the user supplied data before displaying it,
leading to a Cross Site Scripting (XSS [1]) vulnerability which can be used
by a malicious user to gain full administrative access. The Watcher module
did not protect the subscribe and unsubscribe links against Cross-site
Request Forgeries (CSRF [2]).
-------- VERSIONS AFFECTED ---------------------------------------------------
* Watcher for Drupal 5.x prior to Watcher 5.x-1.7
* Watcher for Drupal 6.x prior to Watcher 6.x-1.4
Drupal core is not affected. If you do not use the contributed Watcher [3]
module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use Watcher for Drupal 5.x upgrade to Watcher 5.x-1.7 [4]
* If you use Watcher for Drupal 6.x upgrade to Watcher 6.x-1.4 [5]
See also the Watcher [6] project page.
-------- REPORTED BY ---------------------------------------------------------
* Ivo Van Geertruyen (mr.baileys [7]) of the Drupal Security Team
-------- FIXED BY ------------------------------------------------------------
* Jakob Persson (solipsist [8]), module maintainer
-------- CONTACT -------------------------------------------------------------
The security team for Drupal [9] can be reached at security at drupal.org or
via the form at http://drupal.org/contact [10].
Read more about the Security Team and Security Advisories at
http://drupal.org/security [11].
[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://en.wikipedia.org/wiki/Csrf
[3] http://drupal.org/project/watcher
[4] http://drupal.org/node/953740
[5] http://drupal.org/node/953738
[6] http://drupal.org/project/watcher
[7] http://drupal.org/user/383424
[8] http://drupal.org/user/37564
[9] http://drupal.org/security-team
[10] http://drupal.org/contact
[11] http://drupal.org/security
* Advisory ID: DRUPAL-SA-CONTRIB-2010-100
* Projects: Ubuntu Drupal Theme - Brown
* Version: 5.x, 6.x
* Date: 2010-October-20
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Directory traversal and information disclosure
-------- DESCRIPTION ---------------------------------------------------------
The Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The
theme used a PHP file to generate a gradient image on the fly. User input
from the URL is not properly validated in this PHP code, leading to a
directory traversal vulnerability where the contents of any file readable by
the webserver may be displayed to the remote user, potentially revealing
sensitive information.
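The advisory does not publish the theme's gradient script, so the block below is an added illustration and not the theme's own code: a plain-PHP helper that serves a named file only from one directory, with several rejected inputs driven through it. The base directory, the allowed extensions and the parameter name are assumptions.

```php
<?php
// Added example: constraining a user-supplied file name to one directory.
// The base directory, allowed extensions and parameter name are assumptions;
// this is not the theme's own gradient script.

// Unsafe shape: the query-string value is joined to a directory and opened.
// Anything containing path separators or '..' escapes the intended directory.
function read_asset_unsafe(string $base_dir, string $name)
{
    return @file_get_contents($base_dir . '/' . $name);
}

// Hardened: (1) allow-list the syntax of the name, (2) canonicalise and
// verify that the resolved path is still inside the base directory.
function resolve_asset_path(string $base_dir, string $name): ?string
{
    // (1) A bare file name: no separators, no NUL, no leading dot, known extension.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(png|jpg|gif)\z/', $name)) {
        return null;
    }
    // (2) realpath() resolves symlinks and '..'; both sides must resolve.
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment test with the separator included, so "/var/www/theme"
    // does not accept "/var/www/theme2/x.png".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function read_asset(string $base_dir, string $name): ?string
{
    $path = resolve_asset_path($base_dir, $name);
    if ($path === null) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Demo against a constructed temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gradient_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'ok.png', 'constructed image bytes');

$inputs = ['ok.png', '../outside.txt', 'sub/../ok.png', "ok.png\0.txt", '.htaccess', 'ok.php'];
foreach ($inputs as $name) {
    $verdict = read_asset($dir, $name) === null ? 'rejected' : 'served';
    printf("%-20s %s\n", json_encode($name), $verdict);
}

unlink($dir . DIRECTORY_SEPARATOR . 'ok.png');
rmdir($dir);
```

The syntactic allow-list alone would already stop every input in the demo; the realpath() containment check is kept as the second layer so that a later relaxation of the pattern (say, to permit subdirectories) cannot silently reopen the traversal.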
-------- VERSIONS AFFECTED ---------------------------------------------------
* Ubuntu Drupal Theme - Brown all versions on all branches prior to 6.x-8.1
* Ubuntu Drupal Theme - Brown for Drupal 5.x
Drupal core is not affected. If you do not use the contributed Ubuntu Drupal
Theme - Brown [1], there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Ubuntu Drupal Theme - Brown for Drupal 6.x (any prior
version on any branch), upgrade to Ubuntu Drupal Theme - Brown 6.x-8.1 [2]
* If you use the Ubuntu Drupal Theme - Brown for Drupal 5.x, it is no longer
supported and should be disabled or the 6.x fix applied
See also the Ubuntu Drupal Theme - Brown project page [3].
-------- REPORTED BY ---------------------------------------------------------
* Steve Foris
-------- FIXED BY ------------------------------------------------------------
* MTecknology [4], the Ubuntu Drupal theme maintainer
-------- CONTACT -------------------------------------------------------------
The security team for Drupal [5] can be reached at security at drupal.org or
via the form at http://drupal.org/contact [6].
Read more about the Security Team and Security Advisories at
http://drupal.org/security [7].
[1] http://drupal.org/project/udtheme
[2] http://drupal.org/node/947670
[3] http://drupal.org/project/udtheme
[4] http://drupal.org/user/302171
[5] http://drupal.org/security-team
[6] http://drupal.org/contact
[7] http://drupal.org/security
* Advisory ID: DRUPAL-SA-CONTRIB-2010-099
* Project: Views Bulk Operations (third-party module)
* Version: 6.x
* Date: 2010-October-6
* Security risk: Not critical
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION ---------------------------------------------------------
Views Bulk Operations augments Views by allowing bulk operations to be
executed on the nodes and users displayed by a view. It does so by showing a
checkbox in front of each item, and adding a select box containing operations
that can be applied on the selected items. In some circumstances, a malicious
user could use Views Bulk Operations to cause user 0 (the anonymous user) to
be deleted. The effects of deleting user 0 vary depending on the system
configuration and the use of other contributed modules, ranging from trivial
errors to significant loss of functionality. The risk is mitigated by the
fact that a malicious user would need permission to a view that lets him/her
manage users through Views Bulk Operations in order to exploit this
vulnerability.
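Views Bulk Operations hands the identifiers from the checkbox column to an operation; the advisory says only that "in some circumstances" user 0 ends up among them. The block below is an added illustration, not VBO code: it shows how PHP's loose integer casting turns an empty or non-numeric selection into uid 0, beside the validation that keeps system accounts out of a bulk delete. The function names, and the choice to also refuse uid 1 and the acting user, are assumptions.

```php
<?php
// Added example, not Views Bulk Operations code. Assumption: uid 1 (the
// first account) and the acting user's own uid are also refused; the
// advisory itself only concerns uid 0.

// What a naive handler does: cast every submitted value and delete.
function naive_uids(array $submitted): array
{
    return array_map('intval', $submitted);   // '', null, 'abc' and '0' all become 0
}

// Validating handler: accept only canonical positive integers, then apply
// the account policy before anything reaches the delete operation.
function partition_bulk_delete(array $submitted, int $acting_uid): array
{
    $delete = [];
    $rejected = [];
    foreach ($submitted as $raw) {
        if (!is_string($raw) && !is_int($raw)) {
            $rejected[] = ['value' => $raw, 'reason' => 'not a scalar id'];
            continue;
        }
        // Canonical decimal form only: "7" yes; "07", " 7", "7.0", "" and "0" no.
        if (!preg_match('/\A[1-9][0-9]*\z/', (string) $raw)) {
            $rejected[] = ['value' => $raw, 'reason' => 'not a positive integer'];
            continue;
        }
        $uid = (int) $raw;
        if ($uid === 1) {
            $rejected[] = ['value' => $uid, 'reason' => 'first account (assumed policy)'];
            continue;
        }
        if ($uid === $acting_uid) {
            $rejected[] = ['value' => $uid, 'reason' => 'acting user (assumed policy)'];
            continue;
        }
        $delete[] = $uid;
    }
    return ['delete' => array_values(array_unique($delete)), 'rejected' => $rejected];
}

// Demo with a constructed selection, shaped as a form might submit it.
$submitted = ['12', '', null, 'abc', '0', '07', '1', '5', '12'];
echo 'naive:     ', json_encode(naive_uids($submitted)), PHP_EOL;
echo 'validated: ', json_encode(partition_bulk_delete($submitted, 5)), PHP_EOL;
```

Rejecting rather than silently dropping bad values matters for the audit trail: the rejected list can be logged, which is how an operator notices that a view is feeding empty identifiers into a destructive operation.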
-------- VERSIONS AFFECTED ---------------------------------------------------
* Views Bulk Operations for Drupal 6 prior to 6.x-1.10
Drupal core is not affected. If you do not use the contributed Views Bulk
Operations [1] module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Views Bulk Operations module for Drupal 6.x upgrade to
Views Bulk Operations 6.x-1.10 [2]
See also the Views Bulk Operations [3] project page.
-------- REPORTED BY ---------------------------------------------------------
* Joonas Kiminki (onaz [4])
* Teemu Merikoski (tcmug [5])
-------- FIXED BY ------------------------------------------------------------
* Joonas Kiminki (onaz [6])
* Teemu Merikoski (tcmug [7])
-------- CONTACT -------------------------------------------------------------
The Drupal security team [8] can be reached at security at drupal.org or via
the form at http://drupal.org/contact [9].
[1] http://drupal.org/project/views_bulk_operations
[2] http://drupal.org/node/933596
[3] http://drupal.org/project/views_bulk_operations
[4] http://drupal.org/user/158968
[5] http://drupal.org/user/515884
[6] http://drupal.org/user/158968
[7] http://drupal.org/user/515884
[8] http://drupal.org/security-team
[9] http://drupal.org/contact
* Advisory ID: DRUPAL-SA-CONTRIB-2010-098
* Project: memcache (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-29
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Access bypass, Cross-Site Scripting
-------- DESCRIPTION ---------------------------------------------------------
The Memcache project [1] provides an alternative cache backend which works
with the memcached program to speed up high-traffic sites.
The memcache backend caches the current $user object a little too
aggressively, which can lead to a role change not being recognized until the
user logs in again.
The memcache_admin module does not sanitize some of the user supplied data
before displaying it, leading to a Cross Site Scripting (XSS [2])
vulnerability which can be used by a malicious user to gain full
administrative access.
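The advisory describes the cached $user object outliving a role change. The block below is an added illustration, not memcache module code: an in-memory stand-in for both the cache bin and the user tables, showing the stale path beside the fix that evicts the cached object whenever the record is written. The class and method names are assumptions.

```php
<?php
// Added example, not the memcache module. UserStore stands in for both the
// database (users + users_roles) and the cache bin; names are assumptions.
final class UserStore
{
    private array $db;          // constructed stand-in for the user tables
    private array $cache = [];  // stand-in for the cache bin
    public int $hits = 0;
    public int $misses = 0;

    public function __construct(array $rows)
    {
        $this->db = $rows;
    }

    // user_load-style read: served from cache when present.
    public function load(int $uid): array
    {
        if (isset($this->cache[$uid])) {
            $this->hits++;
            return $this->cache[$uid];
        }
        $this->misses++;
        return $this->cache[$uid] = $this->db[$uid];
    }

    // Bug shape from the advisory: the write lands in the database but the
    // cached object is left alone, so access checks keep seeing old roles.
    public function grantRoleStale(int $uid, string $role): void
    {
        $this->db[$uid]['roles'][] = $role;
    }

    // Fix: every write to a user record evicts its cached copy, so the next
    // read rebuilds it from the database.
    public function grantRole(int $uid, string $role): void
    {
        $this->db[$uid]['roles'][] = $role;
        unset($this->cache[$uid]);
    }

    public function hasRole(int $uid, string $role): bool
    {
        return in_array($role, $this->load($uid)['roles'], true);
    }
}

// Demo with a constructed user.
$rows = [7 => ['uid' => 7, 'name' => 'editor', 'roles' => ['authenticated user']]];

$stale = new UserStore($rows);
$stale->hasRole(7, 'administrator');            // primes the cache
$stale->grantRoleStale(7, 'administrator');
printf("stale cache, after grant:    %s\n",
    $stale->hasRole(7, 'administrator') ? 'sees role' : 'does not see role');

$fixed = new UserStore($rows);
$fixed->hasRole(7, 'administrator');            // primes the cache
$fixed->grantRole(7, 'administrator');
printf("evicting cache, after grant: %s\n",
    $fixed->hasRole(7, 'administrator') ? 'sees role' : 'does not see role');
printf("reads served from cache: %d, rebuilt from db: %d\n", $fixed->hits, $fixed->misses);
```

The same eviction has to cover role removal: a cache that outlives a demotion leaves a user with permissions an administrator believes were already revoked, which is the more serious direction of the bug described here.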
-------- VERSIONS AFFECTED ---------------------------------------------------
* Memcache for Drupal 6.x versions prior to 6.x-1.6
* Memcache for Drupal 5.x versions prior to 5.x-1.10
Drupal core is not affected. If you do not use the contributed Memcache [3]
backend there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use Memcache for Drupal 6.x, upgrade to Memcache 6.x-1.6 [4]
* If you use Memcache for Drupal 5.x, upgrade to Memcache 5.x-2.10 [5]
See also the Memcache project page [6].
-------- REPORTED BY ---------------------------------------------------------
* Justin James Grevich (jgrevich) [7]
* Moshe Weitzman [8], of the Drupal Security Team
-------- FIXED BY ------------------------------------------------------------
* Robert Douglass (robertDouglass) [9], module maintainer
* Moshe Weitzman [10], of the Drupal Security Team
-------- CONTACT -------------------------------------------------------------
The Drupal security team [11] can be reached at security at drupal.org or via
the form at http://drupal.org/contact [12].
[1] http://drupal.org/project/memcache
[2] http://en.wikipedia.org/wiki/Cross-site_scripting
[3] http://drupal.org/project/memcache
[4] http://drupal.org/node/926474
[5] http://drupal.org/node/926478
[6] http://drupal.org/project/memcache
[7] http://drupal.org/user/355156
[8] http://drupal.org/user/31977
[9] http://drupal.org/user/5449
[10] http://drupal.org/user/23
[11] http://drupal.org/security-team
[12] http://drupal.org/contact
* Advisory ID: DRUPAL-SA-CONTRIB-2010-097
* Project: Imagemenu (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-29
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Cross-Site Scripting, Cross-site Request Forgery
-------- DESCRIPTION ---------------------------------------------------------
The Imagemenu module allows users to create and maintain image based menus.
The Drupal 5 branch of this module contains a Cross Site Request Forgery
(CSRF [1]) vulnerability which could allow a malicious user to trick an
administrator into unintentionally enabling or disabling menu items provided
by this module.
The Drupal 6 branch of this module does not properly sanitize some
user-supplied menu and menu item properties, leading to Cross-Site Scripting
(XSS [2]) vulnerabilities. The risk is mitigated by the fact that the
"administer imagemenu" permission is required in order to exploit this
vulnerability.
-------- VERSIONS AFFECTED ---------------------------------------------------
* Imagemenu for Drupal 6 prior to 6.x-1.3
* Imagemenu for Drupal 5 prior to 5.x-1.2
Drupal core is not affected. If you do not use the contributed Imagemenu [3]
module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Imagemenu module for Drupal 6.x upgrade to Imagemenu
6.x-1.3 [4]
* If you use the Imagemenu module for Drupal 5.x upgrade to Imagemenu
5.x-1.2 [5]
See also the Imagemenu [6] project page.
-------- REPORTED BY ---------------------------------------------------------
* The XSS vulnerability on menu titles was reported by Joachim Noreiko
(joachim [7])
* The XSS vulnerability on menu item description and the CSRF vulnerability
were reported by Ivo Van Geertruyen (mr.baileys [8]) of the Drupal
security team [9]
-------- FIXED BY ------------------------------------------------------------
* Paul Maddern (pobster [10]), module maintainer
* Ivo Van Geertruyen (mr.baileys [11]) of the Drupal security team [12]
-------- CONTACT -------------------------------------------------------------
The Drupal security team [13] can be reached at security at drupal.org or via
the form at http://drupal.org/contact [14].
[1] http://en.wikipedia.org/wiki/Cross-site_request_forgery
[2] http://en.wikipedia.org/wiki/Cross-site_scripting
[3] http://drupal.org/project/imagemenu
[4] http://drupal.org/node/925726
[5] http://drupal.org/node/925730
[6] http://drupal.org/project/imagemenu
[7] http://drupal.org/user/107701
[8] http://drupal.org/user/383424
[9] http://drupal.org/security-team
[10] http://drupal.org/user/25159
[11] http://drupal.org/user/383424
[12] http://drupal.org/security-team
[13] http://drupal.org/security-team
[14] http://drupal.org/contact
* Advisory ID: DRUPAL-SA-CONTRIB-2010-096
* Project: Domain access (third-party module)
* Version: 5.x, 6.x, 7.x
* Date: 2010-September-22
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Cross-Site Scripting, Privilege Escalation
-------- DESCRIPTION ---------------------------------------------------------
The Domain Access module suite allows users to maintain content shared across
multiple domains running from a single Drupal installation. In several
instances, the module does not sanitize the user-supplied domain name before
displaying it, leading to a Cross-Site Scripting (XSS [1]) vulnerability that
may lead to a malicious user gaining full administrative access. This
vulnerability is mitigated by the fact that a user must have the "administer
domains" permission in order to create and edit domain names. The Domain
Configuration sub-module allows certain site information settings to be
configured per domain. Users with the "administer domains" permission could
change these settings, even if they lacked the permission to edit the
settings on the primary domain.
-------- VERSIONS AFFECTED ---------------------------------------------------
* Domain access module for Drupal 5.x versions prior to 5.x-1.15
* Domain access module for Drupal 6.x versions prior to 6.x.2.6
* Domain access module for Drupal 7.x versions prior to 7.x.2.4
Drupal core is not affected. If you do not use the contributed Domain access
[2] module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Domain access module for Drupal 5.x upgrade to Domain
access 5.x-1.15 [3]
* If you use the Domain access module for Drupal 6.x upgrade to Domain
access 6.x.2.6 [4]
* If you use the Domain access module for Drupal 7.x upgrade to Domain
access 7.x.2.4 [5]
See also the Domain access project page [6].
-------- REPORTED BY ---------------------------------------------------------
* Sam Oldak [7] (Cross-Site Scripting)
* brt [8] (Privilege escalation)
* Nirbhasa Magee [9] (Privilege escalation)
-------- FIXED BY ------------------------------------------------------------
* Sam Oldak [10]
* Ken Rickard [11], the module maintainer
-------- CONTACT -------------------------------------------------------------
The Drupal security team [12] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.
[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/project/domain
[3] http://drupal.org/node/919890
[4] http://drupal.org/node/919896
[5] http://drupal.org/node/919900
[6] http://drupal.org/project/domain
[7] http://drupal.org/user/366337
[8] http://drupal.org/user/26752
[9] http://drupal.org/user/151770
[10] http://drupal.org/user/366337
[11] http://drupal.org/user/20975
[12] http://drupal.org/security-team
* Advisory ID: DRUPAL-SA-CONTRIB-2010-095
* Project: Lightbox2 (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-22
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass, Cross-Site Scripting
-------- DESCRIPTION ---------------------------------------------------------
The Lightbox2 module enables images to be overlaid on the current page using
JavaScript. The module displays images above the page instead of within it,
freeing the page design from layout constraints and keeping users on the same
page.
The module does not sanitize some of the user supplied data before displaying
it, leading to a Cross Site Scripting (XSS [1]) vulnerability which can be
used by a malicious user to gain full administrative access.
The Lightbox2 module also enables Embedded Media Field [2] and Acidfree [3]
videos to be displayed in a modal popup. In some cases checks on the user's
field level access to the source video were not carried out correctly,
allowing direct queries to the backend URL resulting in the display of videos
which the user would otherwise be unable to access.
-------- VERSIONS AFFECTED ---------------------------------------------------
* Lightbox2 module for Drupal 6.x versions prior to 6.x-1.10
* Lightbox2 module for Drupal 5.x versions prior to 5.x-2.10
Drupal core is not affected. If you do not use the contributed Lightbox2 [4]
module there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Lightbox2 module for Drupal 6.x upgrade to Lightbox2
6.x-1.10 [5]
* If you use the Lightbox2 module for Drupal 5.x upgrade to Lightbox2
5.x-2.10 [6]
See also the Lightbox2 project page [7].
-------- REPORTED BY ---------------------------------------------------------
* mr.baileys [8], of the Drupal Security Team
* Jakub Suchy (meba) [9], of the Drupal Security Team
* Stella Power (stella) [10], module maintainer
* hefox [11]
-------- FIXED BY ------------------------------------------------------------
* Stella Power (stella) [12], module maintainer
-------- CONTACT -------------------------------------------------------------
The Drupal security team [13] can be reached at security at drupal.org or via
the form at http://drupal.org/contact [14].
[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/project/emfield
[3] http://drupal.org/project/acidfree
[4] http://drupal.org/project/lightbox2
[5] http://drupal.org/node/919648
[6] http://drupal.org/node/919636
[7] http://drupal.org/project/lightbox2
[8] http://drupal.org/user/383424
[9] http://drupal.org/user/31977
[10] http://drupal.org/user/66894
[11] http://drupal.org/user/426416
[12] http://drupal.org/user/66894
[13] http://drupal.org/security-team
[14] http://drupal.org/contact
* Advisory ID: DRUPAL-SA-CONTRIB-2010-094
* Project: Embedded Media Field (third-party module)
* Version: 5.x, 6.x
* Date: 2010-September-22
* Security risk: Moderately Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass
-------- DESCRIPTION ---------------------------------------------------------
The Embedded Media Field project is a set of modules that enable editors to
post URLs and embed codes for third party media providers such as YouTube,
Vimeo, or Flickr, which will be automatically parsed and displayed using
preset formatters.
The Embedded Video Field module (packaged with the project) enables videos to
be displayed in a modal popup using the Lightbox2 [1], Shadowbox [2],
Colorbox [3], and Thickbox [4] modules. In some cases checks on the user's
field level access to the source video were not carried out correctly,
allowing direct queries to the backend URL resulting in the display of videos
which the user would otherwise be unable to access.
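The Lightbox2 advisory above and this Embedded Media Field advisory describe the same gap: the normal node view enforces field-level access, but the backend URL that the modal popup fetches did not. The block below is an added illustration, not code from either module: a minimal access model in which the popup endpoint is routed through the very same decision function as the page render. The permission model, the field names and the function names are assumptions.

```php
<?php
// Added example, not Lightbox2 or Embedded Media Field code. The access model
// below is a constructed stand-in for Drupal's node and field access checks.

// Constructed content: a node whose video field is restricted to one role.
const NODE = [
    'nid'    => 10,
    'status' => 1,
    'fields' => [
        'field_video' => ['value' => 'https://example.invalid/v/abc', 'view_roles' => ['member']],
        'body'        => ['value' => 'public text',                   'view_roles' => []],
    ],
];

// Central decision: the one function every rendering path must call.
function field_is_viewable(array $node, string $field, array $account): bool
{
    if (!isset($node['fields'][$field])) {
        return false;
    }
    if ($node['status'] !== 1 && !in_array('administrator', $account['roles'], true)) {
        return false;                                // unpublished: administrators only
    }
    $needed = $node['fields'][$field]['view_roles'];
    if ($needed === []) {
        return true;                                 // no field-level restriction
    }
    return count(array_intersect($needed, $account['roles'])) > 0;
}

// Page render path: a field is shown only when viewable.
function render_node(array $node, array $account): array
{
    $out = [];
    foreach (array_keys($node['fields']) as $field) {
        if (field_is_viewable($node, $field, $account)) {
            $out[$field] = $node['fields'][$field]['value'];
        }
    }
    return $out;
}

// Bug shape: the modal backend assumes the caller already passed the
// page-level check and returns the field by nid and field name alone.
function modal_backend_unsafe(array $node, string $field): ?string
{
    return $node['fields'][$field]['value'] ?? null;
}

// Fix: the backend makes exactly the same decision as the page render.
function modal_backend(array $node, string $field, array $account): ?string
{
    return field_is_viewable($node, $field, $account)
        ? $node['fields'][$field]['value']
        : null;
}

// Demo with constructed accounts.
$anon   = ['uid' => 0, 'roles' => ['anonymous user']];
$member = ['uid' => 5, 'roles' => ['authenticated user', 'member']];
foreach (['anonymous' => $anon, 'member' => $member] as $who => $account) {
    printf("%-9s page: %s | unsafe backend: %s | fixed backend: %s\n",
        $who,
        json_encode(array_keys(render_node(NODE, $account))),
        modal_backend_unsafe(NODE, 'field_video') === null ? 'denied' : 'served',
        modal_backend(NODE, 'field_video', $account) === null ? 'denied' : 'served');
}
```

The design point is that the backend endpoint never infers access from how it was reached: a URL that a JavaScript popup requests is just as reachable by a direct request, so it must re-derive the decision from the account and the content, not from the calling page.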
-------- VERSIONS AFFECTED ---------------------------------------------------
* Embedded Media Field module for Drupal 6.x versions prior to 6.x-1.24 and
6.x-2.0
* Embedded Media Field module for Drupal 5.x versions prior to 5.x-1.10
Drupal core is not affected. If you do not use the contributed Embedded Media
Field [5] module, together with the Embedded Video Field module there is
nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Embedded Media Field module for Drupal 6.x upgrade to
Embedded Media Field 6.x-2.1 [6] or Embedded Media Field 6.x-1.25 [7]
* If you use the Embedded Media Field module for Drupal 5.x upgrade to
Embedded Media Field 5.x-1.11 [8]
See also the Embedded Media Field project page [9].
.... Important note
Users wishing to update from version DRUPAL 6.x-1.x to version DRUPAL 6.x-2.x
(or greater) of Embedded Media Field should be aware that as of version
DRUPAL 6.x-2.x the module no longer provides direct support for third party
media providers, instead it acts as an API for other modules to use. All
providers previously supported directly in earlier versions are now supported
externally; see the partial list at the project page for a list of modules
offering this support (such as Media: YouTube [10], Media: Vimeo [11], and
Media: Flickr [12]). Please note that at this time there are not yet specific
modules for all the individual providers; if you don't see your desired
provider in that list, it most likely will be in one of the 'Flotsam' modules
listed at the end of that list, which serve as a temporary placeholder.
Developers interested in creating or maintaining one of these individual
provider modules are encouraged to contact the module maintainers.
-------- REPORTED BY ---------------------------------------------------------
* Stella Power (stella) [13], of the Drupal security team
-------- FIXED BY ------------------------------------------------------------
* Stella Power (stella) [14], of the Drupal security team
* Aaron Winborn (aaron) [15], module co-maintainer
-------- CONTACT -------------------------------------------------------------
The Drupal security team [16] can be reached at security at drupal.org or via
the form at http://drupal.org/contact [17].
[1] http://drupal.org/project/lightbox2
[2] http://drupal.org/project/shadowbox
[3] http://drupal.org/project/colorbox
[4] http://drupal.org/project/thickbox
[5] http://drupal.org/project/emfield
[6] http://drupal.org/node/919368
[7] http://drupal.org/node/919366
[8] http://drupal.org/node/919364
[9] http://drupal.org/project/emfield
[10] http://drupal.org/project/media_youtube
[11] http://drupal.org/project/media_vimeo
[12] http://drupal.org/project/media_flickr
[13] http://drupal.org/user/66894
[14] http://drupal.org/user/66894
[15] http://drupal.org/user/33420
[16] http://drupal.org/security-team
[17] http://drupal.org/contact
* Advisory ID: DRUPAL-SA-CONTRIB-2010-093
* Project: Advanced Taxonomy Blocks (third-party module)
* Version: 6.x
* Date: 2010-September-15
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Cross Site Request Forgery
-------- DESCRIPTION ---------------------------------------------------------
Advanced Taxonomy Blocks makes use of the JQuery menu module to create
extremely customizable blocks for browsing through single hierarchy
taxonomies. The module contained Cross Site Scripting vulnerabilities which
could allow a malicious user with one of several non-default permissions to
inject arbitrary JavaScript into the administrative pages provided by this
module. The module also contained Cross Site Request Forgery vulnerabilities
which could allow an attacker to trick an administrator into unintentionally
deleting or resetting blocks provided by this module.
-------- VERSIONS AFFECTED ---------------------------------------------------
* Advanced Taxonomy Blocks module for Drupal 6.x versions prior to 6.x-3.4
Drupal core is not affected. If you do not use the contributed Advanced
Taxonomy Blocks [1] module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Advanced Taxonomy Blocks module for Drupal 6.x upgrade to
Advanced Taxonomy Blocks 6.x-3.4 [2]
See also the Advanced Taxonomy Blocks project page [3].
-------- REPORTED BY ---------------------------------------------------------
* mr.baileys, of the Drupal Security Team.
-------- FIXED BY ------------------------------------------------------------
* Aaron Hawkins, the module maintainer.
-------- CONTACT -------------------------------------------------------------
The Drupal security team [4] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.
[1] http://drupal.org/project/taxonomyblocks
[2] http://drupal.org/node/912584
[3] http://drupal.org/project/taxonomyblocks
[4] http://drupal.org/security-team
* Advisory ID: DRUPAL-SA-CONTRIB-2010-092
* Project: Advanced Book Blocks (third-party module)
* Version: 6.x
* Date: 2010-September-15
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Cross Site Request Forgery
-------- DESCRIPTION ---------------------------------------------------------
The Advanced Book Blocks module enables you to integrate with the API
provided by the JQuery Menu module (version 1.8 and higher) to provide click
and expand book menus with the ability to customize each block individually.
The module contained Cross Site Scripting vulnerabilities which could allow a
malicious user with one of several non-default permissions to inject
arbitrary JavaScript into the administrative pages provided by this module.
The module also contained Cross Site Request Forgery vulnerabilities which
could allow an attacker to trick an administrator into unintentionally
deleting or resetting blocks provided by this module.
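The defects named in the Watcher, memcache_admin, Imagemenu, Domain Access, Lightbox2, Advanced Taxonomy Blocks and Advanced Book Blocks advisories above share two shapes: untrusted text echoed into a page unescaped, and a state-changing link that any third-party page can trigger in an administrator's browser. The following plain-PHP block is an added illustration of the defensive pattern for both, not code from any of these modules or from the Drupal project; the function names, the hypothetical subscribe/unsubscribe route and the per-session secret are assumptions. Drupal 6 itself provides check_plain() for the escaping step and drupal_get_token() / drupal_valid_token() for link tokens.

```php
<?php
// Added example: output escaping and CSRF tokens for action links, in plain
// PHP with no Drupal dependency. Names and routes are assumptions.

// ---- Output escaping ------------------------------------------------------
// Unsafe shape: an attacker-controlled string (a node title, a domain name,
// a menu item description) is concatenated straight into the page.
function render_row_unsafe(string $label): string
{
    return "<li>$label</li>";
}

// Hardened shape: escape at the point of output, every time.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row(string $label): string
{
    return '<li>' . escape_html($label) . '</li>';
}

// ---- CSRF protection for state-changing links -----------------------------
// A GET link that changes state (subscribe, unsubscribe, enable, delete)
// must carry a token that only a page rendered for this session could have
// known, and the token must be bound to the specific action and object.
function link_token(string $session_secret, string $action, int $id): string
{
    return hash_hmac('sha256', "$action:$id", $session_secret);
}

function build_action_link(string $session_secret, string $action, int $id): string
{
    $token = link_token($session_secret, $action, $id);
    return '/watcher/' . rawurlencode($action) . '/' . $id
         . '?token=' . rawurlencode($token);
}

// Handler side: recompute and compare in constant time; reject any mismatch.
function action_link_is_valid(string $session_secret, string $action, int $id, ?string $token): bool
{
    if ($token === null || $token === '') {
        return false;
    }
    return hash_equals(link_token($session_secret, $action, $id), $token);
}

// ---- Demo with constructed values -----------------------------------------
$secret = bin2hex(random_bytes(16));        // per-session secret (constructed)
$label  = '<script>alert(1)</script>';      // constructed hostile input

echo render_row_unsafe($label), PHP_EOL;    // the tag is emitted as markup
echo render_row($label), PHP_EOL;           // the tag is emitted as text

$link = build_action_link($secret, 'unsubscribe', 42);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
$token = $query['token'] ?? null;

foreach ([
    'genuine link'              => [$secret, 'unsubscribe', 42, $token],
    'token missing'             => [$secret, 'unsubscribe', 42, null],
    'token reused for nid 43'   => [$secret, 'unsubscribe', 43, $token],
    'token reused to subscribe' => [$secret, 'subscribe', 42, $token],
    'different session'         => [bin2hex(random_bytes(16)), 'unsubscribe', 42, $token],
] as $case => $args) {
    printf("%-28s %s\n", $case, action_link_is_valid(...$args) ? 'accepted' : 'rejected');
}
```

Binding the token to both the action and the object id is what makes a leaked or reused token useless for a different link; a single per-session token that is the same for every action would still stop a cross-site forgery, but not a token copied from one link and pasted onto another.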
-------- VERSIONS AFFECTED ---------------------------------------------------
* Advanced Book Blocks module for Drupal 6.x versions prior to 6.x-2.2
Drupal core is not affected. If you do not use the contributed Advanced Book
Blocks [1] module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you use the Advanced Book Blocks module for Drupal 6.x upgrade to
Advanced Book Blocks 6.x-2.2 [2]
See also the Advanced Book Blocks project page [3].
-------- REPORTED BY ---------------------------------------------------------
* Matt Chapman, of the Drupal Security Team.
-------- FIXED BY ------------------------------------------------------------
* Aaron Hawkins, the module maintainer.
* Matt Chapman, of the Drupal Security Team.
-------- CONTACT -------------------------------------------------------------
The Drupal security team [4] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.
[1] http://drupal.org/project/advancedbookblocks
[2] http://drupal.org/node/912586
[3] http://drupal.org/project/advancedbookblocks
[4] http://drupal.org/security-team