Accepted drupal 5.1-0ubuntu2.1 (source)
Ubuntu Installer
archive at ubuntu.com
Thu Sep 6 19:55:23 BST 2007
Accepted:
OK: drupal_5.1.orig.tar.gz
OK: drupal_5.1-0ubuntu2.1.diff.gz
OK: drupal_5.1-0ubuntu2.1.dsc
-> Component: universe Section: web
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 06 Sep 2007 17:30:34 +0200
Source: drupal
Binary: drupal-5.1
Architecture: source
Version: 5.1-0ubuntu2.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
drupal-5.1 - a fully-featured content management framework
Changes:
drupal (5.1-0ubuntu2.1) feisty-security; urgency=low
.
* SECURITY UPDATE:
Drupal 5.1 has some security flaws, which were detected.
Those were remote exploits namely
- Multiple cross site request forgeries
- Multiple cross site scripting vulnerabilities
+ Further readings:
http://drupal.org/node/162364
* debian/patches/*
- Added 20_SA-2007-017-5.1.dpatch, which fixes the cross site request
forgeries
- Added 21_SA-2007-018-5.1.dpatch, which fixes the cross site scripting
vulnerabilities
* References:
+ Drupal Advisories:
- http://drupal.org/node/162360 (SA-2007-017-5.1)
- http://drupal.org/node/162361 (SA-2007-018.5.1)
+ CVE:
- CVE-2007-4064 (Cross Site Scripting Vulnerability)
- CVE-2007-4063 (Cross Site Forgery)
Files:
74e7bd797c9262b462a41f20392f4751 660 web extra drupal_5.1-0ubuntu2.1.dsc
1f4235de2bdc593b0427ba27cadf6b0d 33165 web extra drupal_5.1-0ubuntu2.1.diff.gz
Original-Maintainer: Luigi Gangitano <luigi at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG4CdHH/9LqRcGPm0RAr4aAJ4+Iw4467ybRx+SjkKLG99uslGvtgCgm4qX
uTbA7Jowog9ph2y/Aif0vZI=
=W+3D
-----END PGP SIGNATURE-----
More information about the feisty-changes
mailing list