[Pkg-drupal-devel] Security issues in Drupal 5.1 and 4.7.6
Moritz Muehlenhoff
jmm at inutil.org
Wed Aug 22 21:10:57 UTC 2007
Luigi Gangitano wrote:
>> But what about Drupal in Sarge?
>
> DRUPAL-SA-2007-017 affects any version of drupal < 4.7.7/5.2 so Sarge is
> affected. I'll try to produce a patch in the next few days, backporting
> fixes from 4.7.7.
Ok, I just checked the status of drupal in Sarge. Please look into these
as well
CVE-2007-0136 http://drupal.org/files/sa-2007-001/advisory.txt
CVE-2007-0124 doesn't smell important enough.
CVE-2007-0626 could be an issue, but I didn't look into it too deeply.
Cheers,
Moritz
More information about the Pkg-drupal-devel
mailing list