[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Neil McGovern neilm at debian.org
Thu Jul 27 08:56:43 UTC 2006


On Wed, Jul 26, 2006 at 09:25:27PM -0400, James Walker wrote:
> 
> On 26-Jul-06, at 7:06 PM, Larry Garfield wrote:
> 
> >I recommend Debian upgrades its Drupal packages, too.  I understand  
> >Sarge,
> >but why does Sid include 4.5.x?
> >
> 
> AFAIK, there isn't an active Debian maintainer for Drupal... killes?
> 
> 

That would be me. I also produced the security update.

Further info on plans with regard to drupal can be found at
http://lists.alioth.debian.org/pipermail/pkg-drupal-devel/2006-July/000005.html

Sid should include 4.7.2 shortly, which should propogate to etch in time
for the release, and I intend to remove the 2.5 packages as soon as
possible.

Cheers,
Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.drupal.org/pipermail/development/attachments/20060727/c6e18408/attachment.pgp


More information about the development mailing list