[Pkg-drupal-devel] Security issues in Drupal 5.1 and 4.7.6
Luigi Gangitano
luigi at debian.org
Fri Jul 27 16:43:36 UTC 2007
Hi security team,

two vulnerabilities have been found in recent versions of drupal:

DRUPAL-SA-2007-017: cross site request forgeries in Forms API, drupal
5.x before 5.2 is affected, drupal 4.7.x is _not_ affected (no CVE-ID
assigned, atm)

DRUPAL-SA-2007-018: XSS in server variables, drupal 5.x before 5.2 is
affected, drupal 4.7.x before 4.7.7 is affected (no CVE-ID assigned,
atm)

Two new packages (drupal-4.7_4.7.7-1 and drupal5_5.2-1) have been
uploaded last night with fixes.

Testing will be affected by both vulnerabilities until drupal5
migrates (uploaded with urgency high).

Etch is not affected.

Regards,

L
- --
Luigi Gangitano -- <luigi at debian.org> -- <gangitano at lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26