[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Neil McGovern neilm at debian.org
Thu Jul 27 08:56:43 UTC 2006

On Wed, Jul 26, 2006 at 09:25:27PM -0400, James Walker wrote:
> On 26-Jul-06, at 7:06 PM, Larry Garfield wrote:
> >I recommend Debian upgrades its Drupal packages, too.  I understand  
> >Sarge,
> >but why does Sid include 4.5.x?
> >
> AFAIK, there isn't an active Debian maintainer for Drupal... killes?

That would be me. I also produced the security update.

Further info on plans with regard to drupal can be found at

Sid should include 4.7.2 shortly, which should propogate to etch in time
for the release, and I intend to remove the 2.5 packages as soon as

A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.drupal.org/pipermail/development/attachments/20060727/c6e18408/attachment.pgp

More information about the development mailing list