Sicherheit: Cross-Site Scripting in drupal6-ctools
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in drupal6-ctools
ID: FEDORA-2012-19508
Distribution: Fedora
Plattformen: Fedora 18
Datum: Sa, 12. Januar 2013, 22:59
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5559
Applikationen: Drupal


Name        : drupal6-ctools
Product : Fedora 18
Version : 1.10
Release : 1.fc18
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.

For the moment, it includes the following tools:

Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.

Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.

AJAX responder -- tools to make it easier for the server to handle AJAX
and tell the client what to do with them.

Form tools -- tools to make it easier for forms to deal with AJAX.

Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.

Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.

Modal dialog -- tool to make it simple to put a form in a modal dialog.

Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.

Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.

Form wizard -- an API to make multiple-step forms much easier.

CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS

Update Information:

New security fix, http://drupal.org/node/1841030.

* Fri Nov 30 2012 Peter Borsa <peter.borsa@gmail.com> - 1.10-1
- Fix BZ#881987
- Fix BZ#881988
* Thu Aug 16 2012 Peter Borsa <peter.borsa@gmail.com> - 1.9-1
- New upstream version.

[ 1 ] Bug #881986 - CVE-2012-5559 drupal6-ctools: XSS flaw

This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten