Drupal Global Redirect Module Open Redirection Vulnerability
Monthly Archives: February 2015
Vuln: PHP Address Book Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
PHP Address Book Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Vuln: NetDecision HTTP Server Stack-Based Buffer Overflow Vulnerability
NetDecision HTTP Server Stack-Based Buffer Overflow Vulnerability
Vuln: OpenKM Authentication Bypass Vulnerability
OpenKM Authentication Bypass Vulnerability
Vuln: OpenEMR 'validateUser.php' SQL Injection Vulnerability
OpenEMR ‘validateUser.php’ SQL Injection Vulnerability
OpenSCAP Libraries 1.2.1
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
GNU Privacy Guard 1.4.19
GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
GNU Privacy Guard 2.0.27
GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Fedora EPEL 5 Security Update: drupal7-entity-1.6-1.el5
Resolved Bugs
1196750 – drupal7-entity-1.6 is available<br
## 7.x-1.6
See [SA-CONTRIB-2015-053 – Entity API – Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)
Changes since 7.x-1.5:
– by klausi: Sanitize field labels before passing them to the Token API.
– Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
– Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.
– Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().
– Issue #1651824 by meatsack | joachim: Fixed ‘entity_test’ table has incorrect declaration of foreign keys.
– Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.
– Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing ‘path’ index.
– Issue #1104286: Support generating database schema for date properties.
– Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.
Fedora EPEL 6 Security Update: drupal7-entity-1.6-1.el6
Resolved Bugs
1196750 – drupal7-entity-1.6 is available<br
## 7.x-1.6
See [SA-CONTRIB-2015-053 – Entity API – Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)
Changes since 7.x-1.5:
– by klausi: Sanitize field labels before passing them to the Token API.
– Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
– Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.
– Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().
– Issue #1651824 by meatsack | joachim: Fixed ‘entity_test’ table has incorrect declaration of foreign keys.
– Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.
– Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing ‘path’ index.
– Issue #1104286: Support generating database schema for date properties.
– Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.