[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code
Darrel O'Pry
dopry at thing.net
Thu Jul 27 18:12:13 UTC 2006
On Thu, 2006-07-27 at 09:56 +0100, Neil McGovern wrote:
> On Wed, Jul 26, 2006 at 09:25:27PM -0400, James Walker wrote:
> >
> > AFAIK, there isn't an active Debian maintainer for Drupal... killes?
>
> That would be me. I also produced the security update.
>
> Further info on plans with regard to drupal can be found at
> http://lists.alioth.debian.org/pipermail/pkg-drupal-devel/2006-July/000005.html
>
> Sid should include 4.7.2 shortly, which should propagate to etch in time
> for the release, and I intend to remove the 2.5 packages as soon as
> possible.
I'm personally of the opinion that php apps shouldn't generally be
packaged by distros because of the upgrade issues and the fact that it
isn't really a compiled binary aka not dependent on the rest of the
distribution's libraries. But splitting the packages by version and
letting the distro's users deal with the upgrade path seems like a good
idea.