[Secure-testing-team] DRUPAL-SA-2007-031 - SQL injection in certain contributed modules
Luigi Gangitano
luigi at debian.org
Fri Dec 7 23:15:53 UTC 2007
Hi,
a new vulnerability has been reported today in drupal. SQL injection
is possible when some contributed modules use
taxonomy_select_nodes(). Default installation of drupal in debian is
not vulnerable, since no contributed module is installed by default.
This vulnerability has been fixed in drupal5_5.5-1 and
drupal_4.7.10-1, now in sid and in testing as soon as the one day
delay is over. There is no drupal in etch.
Regards,
L
--
Luigi Gangitano -- <luigi at debian.org> -- <gangitano at lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26