lists.openwall.net | Open Source and information security mailing list archives
Message-ID: <CAAPiX_+dqiweW8s5eNF1HKCDkJ11-iOSUKoMz+78yB6VmzBMvA@mail.gmail.com>
Date: Thu, 29 Mar 2012 06:35:06 -0600
From: Greg Knaddison <greg.knaddison@...uia.com>
To: "Justin C. Klein Keane" <justin@...irish.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities

I should note that Justin was a reporter of the issue to the Drupal Security Team. When writing the advisory he was mistakenly excluded. That's been corrected in the HTML version of this advisory: http://drupal.org/node/1506562

On Wed, Mar 28, 2012 at 4:40 PM, Justin C. Klein Keane <justin@...irish.net> wrote:
> Exploit for bespoke:
> <snip>
> Patch: <snip>

Note that Justin's POC and patch below only address the XSS issue and not the CSRF issue.

Regards,
Greg

--
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/