[support] Clarification on Latest Security Upgrade
KOBA | Hans Rossel
hans.rossel at koba.be
Thu Feb 26 20:00:05 UTC 2009
If you look at the patch
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patchyou can
see it's just adding one single line $arg = str_replace(array('/', '\\',
'\0'), '', $arg); to theme.inc for Drupal 6.9.
So if you have no immediate time to really do a full upgrade all your sites
right now, its very quick and easy to just add that little line for the
moment and feel safe.
Greetings,
Hans
2009/2/26 Shai Gluskin <shai at content2zero.com>
> Gang,
>
> I'm a bit confused by the wording regarding the latest security upgrade to
> core. Usually these announcements are pretty explicit about what situations
> make you vulnerable and which situations are not vulnerable.
>
> It would seem, by deduction, that a Drupal install running an any server
> software other than Windows is *not *vulnerable. Can someone verify that?
>
> I'll certainly upgrade my sites, given how many bug fixes are also
> included... but I'd like a better handle on the urgency of things.
>
> Shai
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
--
Hans Rossel
KOBA Webdevelopment
Kerkstraat 228
9050 Gent
09-334.52.60
0472-79.32.16
www.koba.be
info at koba.be
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20090226/6e7d54d8/attachment.htm
More information about the support
mailing list