[drupal-devel] Bug#323347: Another XMLRPC issue in drupal
Steve Langasek
vorlon at debian.org
Tue Aug 30 20:08:16 UTC 2005
On Tue, Aug 30, 2005 at 01:44:33PM +0200, Moritz Muehlenhoff wrote:
> Moritz Muehlenhoff wrote:
> > Package: drupal
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > [I'm pretty sure you are already aware of it; but here it is anyway]
> > Another XMLRPC vulnerability has been detected that affects Drupal
> > as well. Please see http://www.hardened-php.net/advisory_142005.66.html
> > for information about the issue in general.
> > The new upstream release 4.5.4 resolves this issue.
> drupal's transition into testing doesn't take place, because the changelog
> of the fixed package didn't contain bug closers and the two RC security bugs
> prevent migration.
> So, please, either close them manually or with the next upload.
If the bugs are fixed in the current version then they should be closed
*now*, not waiting until the next upload.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://drupal3.drupal.org/pipermail/development/attachments/20050830/c550d61e/attachment.pgp
More information about the drupal-devel
mailing list