U radu programskog paketa drupal6-ctools, distribuiranog s operacijskim sustavom Fedora 16 i 17, uočen je sigurnosni propust. Udaljenim napadačima omogućuje dodavanje osjetljivog sadržaja i izvođenje XSS napada.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12145
2012-08-17 23:15:51
--------------------------------------------------------------------------------

Name        : drupal6-ctools
Product     : Fedora 16
Version     : 1.9
Release     : 1.fc16
URL         : http://drupal.org/project/ctools
Summary     : This suite is primarily a set of APIs and tools
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.

For the moment, it includes the following tools:

Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.

Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.

AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.

Form tools -- tools to make it easier for forms to deal with AJAX.

Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.

Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.

Modal dialog -- tool to make it simple to put a form in a modal dialog.

Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.

Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.

Form wizard -- an API to make multiple-step forms much easier.

CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.

--------------------------------------------------------------------------------
Update Information:

New security fix release, http://drupal.org/node/1719786.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Peter Borsa <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.9-1
- New upstream version.
* Wed Jul 18 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.8-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #848888 - drupal6-ctools: local file inclusion and XSS flaws
(DRUPAL-SA-CONTRIB-2012-125) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=848888
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update drupal6-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce