[drupal-devel] Bug#323347: Another XMLRPC issue in drupal

Steve Langasek vorlon at debian.org
Tue Aug 30 20:08:16 UTC 2005


On Tue, Aug 30, 2005 at 01:44:33PM +0200, Moritz Muehlenhoff wrote:
> Moritz Muehlenhoff wrote:
> > Package: drupal
> > Severity: grave
> > Tags: security
> > Justification: user security hole

> > [I'm pretty sure you are already aware of it; but here it is anyway]

> > Another XMLRPC vulnerability has been detected that affects Drupal
> > as well. Please see http://www.hardened-php.net/advisory_142005.66.html
> > for information about the issue in general. 

> > The new upstream release 4.5.4 resolves this issue.

> drupal's transition into testing doesn't take place, because the changelog
> of the fixed package didn't contain bug closers and the two RC security bugs
> prevent migration.
> So, please, either close them manually or with the next upload.

If the bugs are fixed in the current version then they should be closed
*now*, not waiting until the next upload.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/