[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Khalid B kb at 2bits.com
Thu Jul 27 03:37:18 UTC 2006

>> is that under Debian when someone does apt-get upgrade, they expect that the
>> package gets upgraded seamlessly the Debian Way.
> While I have no interest in seeing a Debian package of Drupal I do think an
> Ubuntu Server package of Drupal on reliable 6 month release cycles is
> reasonable.

I am not using Debian myself, but use Ubuntu too for my servers (test
and production).

> Adrian is talking with Shuttleworth Foundation and we should be keeping an
> eye towards seeing Drupal as the CMS platform of choice for these kinds of
> foundations.

That is great.

From the technical point of view, solving it for Ubuntu is exactly the same
as solving it for Debian, since Ubuntu is just a variant of Debian and relies on
them as its upstream.

Whether Debian's policy allows newer packages to get in or not is beyond our
control. Putting the package in the Ubuntu universe or multiverse repository
may be all that is needed.

Here is the Drupal package info for Ubuntu 6.06 LTS server.

# apt-cache show drupal
Package: drupal
Priority: extra
Section: universe/web
Installed-Size: 1944
Maintainer: Hilko Bengen <bengen at debian.org>
Architecture: all
Version: 4.5.8-1
Depends: debconf (>= 1.2.0) | debconf-2.0, apache2 | httpd, php4-cli,
libapache2-mod-php4 | libapache-mod-php4 | php4-cgi, php4-mysql |
php4-pgsql, exim4 | mail-transport-agent, wwwconfig-common (>=
0.0.37), mysql-client | virtual-mysql-client | postgresql-client,
Recommends: mysql-server | postgresql
Suggests: libapache-mod-ssl | apache-ssl
Filename: pool/universe/d/drupal/drupal_4.5.8-1_all.deb
Size: 488036
MD5sum: e2ede48b249e07b0d73a6c99082509e1
Description: fully-featured content management/discussion engine
 Drupal is a dynamic web site platform which allows an individual or
 community of users to publish, manage and organize a variety of
 content, Drupal integrates many popular features of content
 management systems, weblogs, collaborative tools and discussion-based
 community software into one easy-to-use package.
 More information about is available at http://www.drupal.org
Bugs: mailto:ubuntu-users at lists.ubuntu.com
Origin: Ubuntu

As you can see, it is 4.5.8 still. Way behind.
