1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
PublicDate: 2007-10-19
Candidate: CVE-2007-5597
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5597
Description:
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does
not pass publication status, which might allow attackers to bypass access
restrictions and trigger e-mail with unpublished comments from some
modules, as demonstrated by (1) Organic groups and (2) Subscriptions.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/drupal5/+bug/154811
Priority: low
Assigned-to:
upstream_drupal5: 5.3
dapper_drupal5: DNE
edgy_drupal5: DNE
feisty_drupal5: DNE
gutsy_drupal5: released (5.2-2ubuntu2.1)
devel_drupal5: not-affected (5.5-1ubuntu1)
|