Ubuntu
drupal5 package

generally unsecure drupal5 packages

Bug #352644 reported by Andreas Olsson
258
Affects Status Importance Assigned to Milestone
drupal5 (Ubuntu)
Invalid
Undecided
Scott Testerman

Bug Description

Binary package hint: drupal5

Seems like drupal5 packages both in Hardy and Intrepid are in a rather bad shape security wise.

The drupal5 package in Hardy (drupal5 5.7-1ubuntu1.1) had its most recent update 18 Jul 2008.
The drupal5 package in Intrepid (drupal5 5.10-1ubuntu1) had its most recent update 15 Aug 2008.

Since then there have been several Security advisories regarding Drupal 5.x.

http://drupal.org/node/358957 (Moderately Critical)
http://drupal.org/node/345441 (Moderately Critical)
http://drupal.org/node/324824 (Less Critical)
http://drupal.org/node/318706 (Critical)
http://drupal.org/node/295053 (Highly critical)
http://drupal.org/node/286417 (Less critical)

Taken from http://drupal.org/security

It is possible that there might be older Security advisories which also applies.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. This package is in universe and is community supported. If you are able, perhaps you could prepare debdiffs to fix this by following https://wiki.ubuntu.com/SecurityUpdateProcedures.

visibility: private → public
Changed in drupal5 (Ubuntu):
status: New → Confirmed
Revision history for this message
Bhavani Shankar (bhavi) wrote :

I think we can backport jaunty version into intrepid

Revision history for this message
Bhavani Shankar (bhavi) wrote :

I m on a hardy box right now and I can test and request a backport I think

Changed in drupal5 (Ubuntu):
assignee: nobody → Bhavani Shankar (bhavi)
status: Confirmed → In Progress
Revision history for this message
Bhavani Shankar (bhavi) wrote :

My hardy system is broken and I need a full reinstall now and I fear I can no longer work on this :(

Changed in drupal5 (Ubuntu):
assignee: Bhavani Shankar (bhavi) → nobody
status: In Progress → Confirmed
Scott Testerman (scott-testerman)
Changed in drupal5 (Ubuntu):
assignee: nobody → Scott Testerman (scott-testerman)
status: Confirmed → In Progress
Kees Cook (kees)
Changed in drupal5 (Ubuntu):
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.