Closed (fixed)
Project:
Drupal.org CVS applications
Component:
co-maintainer application
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
30 Jan 2010 at 17:20 UTC
Updated:
16 Apr 2023 at 18:08 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
jimbullington commentedI have created a patch for the 5.x-2.2 version (Not on the list for some reason - http://ftp.drupal.org/files/projects/webform_report-5.x-2.2.tar.gz ) of the webform report module that (hopefully) corrects the XSS issues.
Comment #2
avpadernoThis CVS application requires then that somebody of the security team chimes in to report if the original security issue has been resolved from the module you propose.
Comment #3
jimbullington commentedgrendzy is reviewing the patches at http://drupal.org/node/550636. Let me know if I need to do anything else.
Comment #4
grendzy commentedsubscribe (I'll try to do another review soon).
Comment #5
avpadernoI am changing the status, waiting for grendzy (or somebody else from the security team) to report if the reported patch resolve the security issue reported for the original module.
@jimbullington: Thank you for applying for a CVS account, and contributing to Drupal.
Comment #6
grendzy commentedPatch #24 in #550636: Fix security vulnerabilities in webform report addresses all of the issues I could find.
Comment #7
avpadernoThank you, grendzy for having verified the patch.
Comment #8
avpadernoI granted jimbullington access to the project CVS. To become the current maintainer, another report should be open.
Comment #9
jimbullington commentedThanks kiamlaluno. Do I need to open another report under CVS applications or under webform report?
Comment #10
avpadernoThe offer to become project maintainer should be placed in the project queue, to allow the current maintainers to see it.
Comment #12
avpaderno