| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAPiX_Kn9GH_O-+QE+7yJ3_SpLWCQidVqZVkh+cY2rpHHf-LQw@mail.gmail.com> Date: Mon, 3 Oct 2011 18:36:26 -0600 From: Greg Knaddison <greg.knaddison@...uia.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Vulnerability in multiple themes for Drupal /* Pardon my failure to thread this properly. I just subscribed so future responses can be threaded properly. */ http://seclists.org/fulldisclosure/2011/Oct/22 reports vulnerabilities in several themes based on the cumulus.swf file. That file is not present in those themes in the format distributed from drupal.org. For example, http://drupalcode.org/project/danland.git/tree/refs/heads/6.x-3.x shows there is no cumulus.swf in the danland theme which was one of the themes listed as vulnerable by mustlive. Since there is no vulnerability in these themes the Drupal Security Team will not be making an announcement about them. Regards, Greg Knaddison, a member of the Drupal Security Team speaking my own behalf -- Director Security Services Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists