[SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
drupal5 (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook |
Bug Description
Binary package hint: drupal5
drupal5 (5.2-2ubuntu2.1) gutsy-security; urgency=low
* SECURITY UPDATE:
Fix several security issues found in drupal 5.2.
* Patches are taken from the drupal security announcements:
- SA-2007-024: HTTP response splitting
- SA-2007-025: Arbitrary code execution via installer
- SA-2007-026: Cross site scripting via uploads
- SA-2007-029: User deletion cross site request forgery
- SA-2007-030: API handling of unpublished comment
* References:
- SA-2007-024: http://
- SA-2007-025: http://
- SA-2007-026: http://
- SA-2007-029: http://
- SA-2007-030: http://
-- Michael Bienia <email address hidden> Sat, 20 Oct 2007 11:59:32 +0200
Thanks for getting these bundled up! I'm getting them built now.