SA-CONTRIB-2012-080 hasn't been applied to 6.x-2.x

I'm informed by Omega8cc that the security fixes from SA-CONTRIB-2012-080 have not been applied to 6.x-2.x.

Comments

Comment #1

steven jones commented 7 January 2013 at 07:20

http://drupalcode.org/project/hostmaster.git/patch/8a6110143056406813819... looks to have been applied correctly already.

Log in or register to post comments

Comment #2

steven jones commented 7 January 2013 at 07:23

Status:

Active

» Closed (fixed)

http://drupalcode.org/project/hostmaster.git/commit/9476561780dfd1bca39c... has been applied too, so actually both the patches in this security release were already included in 6.x-2.x.

Log in or register to post comments

Comment #3

omega8cc commented 7 January 2013 at 12:47

Just for the record: the patch related to #1585678: SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS) from May 16, 2012 has been included by anarcat on November 16, 2012 *after* I reported this on the IRC, so before you have created this issue here.

Log in or register to post comments

Comment #4

steven jones commented 7 January 2013 at 12:51

Yeah that's fine, I just wanted to record and make sure that all the patches got applied.

Log in or register to post comments