[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Darrel O'Pry dopry at thing.net
Thu Jul 27 18:12:13 UTC 2006


On Thu, 2006-07-27 at 09:56 +0100, Neil McGovern wrote:
> On Wed, Jul 26, 2006 at 09:25:27PM -0400, James Walker wrote:
> > 
> > AFAIK, there isn't an active Debian maintainer for Drupal... killes?
> 
> That would be me. I also produced the security update.
> 
> Further info on plans with regard to drupal can be found at
> http://lists.alioth.debian.org/pipermail/pkg-drupal-devel/2006-July/000005.html
> 
> Sid should include 4.7.2 shortly, which should propagate to etch in time
> for the release, and I intend to remove the 2.5 packages as soon as
> possible.

I'm personally of the opinion that php apps shouldn't generally be
packaged by distros because of the upgrade issues and the fact that it
isn't really a compiled binary aka not dependent on the rest of the
distribution's libraries. But splitting the packages by version and
letting the distro's users deal with the upgrade path seems like a good
idea.


