| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Pblog - Incorrect report http://forum.scoutnet.be/viewtopic.php?f=19&t=2132 |
Pagina 1 van 1 |
| Auteur: | To [ 11 Jun 2008 18:28 ] |
| Titel: | [Drupal] Security announcements: Pblog - Incorrect report |
------------SA-2008-031 - PBLOG - INCORRECT VULNERABILITY REPORT------------ * Advisory ID: SA-2008-031 * Project: Pblog (third-party module) * Versions: none * Date: 2008-June-11 * Security risk: Not critical * Exploitable from: Remote * Subject: Incorrect vulnerability report ------------DESCRIPTION------------ Several 'security'-related sources claim - with SecurityFocus as source ([ http://www.securityfocus.com/bid/29495/info ]) - that the third-party Drupal module Pblog is vulnerable to SQL injection attacks. The Drupal security team has investigated the matter and concluded that these sources confuse the Drupal module Pblog and the blogging platform Life Type ([ http://lifetype.net/ ] , formerly plog). The Life Type team assured us that the 3 year old vulnerable version of pblog 1.0.x has been surpassed by later versions which do not contain this vulnerability. While we have not received any response from SecurityFocus, we hope corrections to their announcement will be made shortly. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|