Ubuntu
drupal5 package

[SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2

Bug #154811 reported by Michael Bienia
256
Affects Status Importance Assigned to Milestone
drupal5 (Ubuntu)
Fix Released
Medium
Kees Cook

Bug Description

Binary package hint: drupal5

drupal5 (5.2-2ubuntu2.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    Fix several security issues found in drupal 5.2.
  * Patches are taken from the drupal security announcements:
    - SA-2007-024: HTTP response splitting
    - SA-2007-025: Arbitrary code execution via installer
    - SA-2007-026: Cross site scripting via uploads
    - SA-2007-029: User deletion cross site request forgery
    - SA-2007-030: API handling of unpublished comment
  * References:
    - SA-2007-024: http://drupal.org/node/184315
    - SA-2007-025: http://drupal.org/node/184316
    - SA-2007-026: http://drupal.org/node/184320
    - SA-2007-029: http://drupal.org/node/184348
    - SA-2007-030: http://drupal.org/node/184354

 -- Michael Bienia <email address hidden> Sat, 20 Oct 2007 11:59:32 +0200

Revision history for this message
Michael Bienia (geser) wrote :
Revision history for this message
Kees Cook (kees) wrote :

Thanks for getting these bundled up! I'm getting them built now.

Changed in drupal5:
assignee: nobody → keescook
status: New → In Progress
Revision history for this message
Kees Cook (kees) wrote :

This has just now published. Should be visible shortly.

Changed in drupal5:
importance: Undecided → Medium
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.