On Tue, Aug 30, 2005 at 01:44:33PM +0200, Moritz Muehlenhoff wrote:
Moritz Muehlenhoff wrote:
Package: drupal
Severity: grave
Tags: security
Justification: user security hole
[I'm pretty sure you are already aware of it; but here it is anyway]
Another XMLRPC vulnerability has been detected that affects Drupal as well. Please see http://www.hardened-php.net/advisory_142005.66.html for information about the issue in general.
The new upstream release 4.5.4 resolves this issue.
drupal's transition into testing doesn't take place, because the changelog of the fixed package didn't contain bug closers and the two RC security bugs prevent migration. So, please, either close them manually or with the next upload.
If the bugs are fixed in the current version then they should be closed *now*, not waiting until the next upload.
Thanks,
-- 
Steve Langasek
Debian Developer
vorlon@debian.org
http://www.debian.org/
Give me a lever long enough and a Free OS to set it on, and I can move the world.