[BSA-071] Security Update for request-tracker4

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 Dominic Hargreaves uploaded new packages for request-tracker4 which fixed the following security problems: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have been discovered. CVE-2011-2084 Password hashes could be disclosed by privileged users. CVE-2011-2085 Several cross-site request forgery vulnerabilities have been …

SA-CORE-2012-002 – Drupal core multiple vulnerabilities

Advisory ID: DRUPAL-SA-CORE-2012-002 Project: Drupal core Version: 7.x Date: 2012-May-2 Security risk: Critical Exploitable from: Remote Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect Description Denial of Service CVE: CVE-2012-1588 Drupal core’s text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal’s text matching …