I just received the July 23rd announcement of session fixation from the security mailing list.
------------SA-2008-046 - DRUPAL CORE - SESSION FIXATION------------
* Advisory ID: DRUPAL-SA-2008-046
...
* Date: 2008-July-23
... but the headers say
Received: from www1.drupal.org (www1.drupal.org [140.211.166.61])
    by fraxinus.osuosl.org (Postfix) with ESMTP id F241F3C700
    for mail@webthatworks.it; Thu, 31 Jul 2008 06:03:15 +0000 (UTC)
Received: by www1.drupal.org (Postfix, from userid 81)
    id F072D16B4E8; Thu, 31 Jul 2008 06:03:15 +0000 (UTC)
Fortunately I upgraded much earlier... but the email was actually sent today.
Actually, I've noticed some other email date / arrival date oddities with the security list. I just received an email sent by a user to the security list a week ago (I'm a member of the security team). So maybe there are some email delay problems at OSUOSL that are affecting mail in both directions?
On Thu, Jul 31, 2008 at 2:56 AM, Ivan Sergio Borgonovo <mail@webthatworks.it> wrote:
I just received the July 23rd announcement of session fixation from the security mailing list.
------------SA-2008-046 - DRUPAL CORE - SESSION FIXATION------------
- Advisory ID: DRUPAL-SA-2008-046
...
- Date: 2008-July-23
... but the headers say
Received: from www1.drupal.org (www1.drupal.org [140.211.166.61])
    by fraxinus.osuosl.org (Postfix) with ESMTP id F241F3C700
    for mail@webthatworks.it; Thu, 31 Jul 2008 06:03:15 +0000 (UTC)
Received: by www1.drupal.org (Postfix, from userid 81)
    id F072D16B4E8; Thu, 31 Jul 2008 06:03:15 +0000 (UTC)
On Thu, 31 Jul 2008 11:00:12 -0500 "Chris Johnson" <cxjohnson@gmail.com> wrote:
Actually, I've noticed some other email date / arrival date oddities with the security list. I just received an email sent by a user to the security list a week ago (I'm a member of the security team). So maybe there are some email delay problems at OSUOSL that are affecting mail in both directions?
If it's not easy to monitor sec ml or make it more reliable, I'd add a couple of lines: http://drupal.org/support and http://drupal.org/drupal-6.3 to advise people to subscribe to the RSS too.