Security Issue with ubuntu-drupal-theme
Michael Lustfield
mtecknology at ubuntu.com
Wed Oct 20 22:11:24 BST 2010
I want to make everyone aware of a security issue that resulted in the
ubuntu-drupal-theme project. The old theme (6.x-brown) generated an
image "on the fly" from two colors given to it. The issue happens at
the point where the two colors are given. Without giving too horribly
much detail, it's through this file that directory traversal is
possible.
Once made aware of the issue, the Drupal security and I worked to
quickly yet effectively push the resolution to all sources.
You are very highly encouraged to update your theme if you are using
the old branch. The resolution was to just replace that PHP file with a
static image as nobody seems to have elected changing it anyway.
In addition, I would like to mention that the new light-drupal-theme is
in a position to be used by whoever is interested.
So please, update your version of the theme ASAP. I'm sorry about any
issues that occurred because of this.
--
Michael Lustfield
Kalliki Software, LLC
Network and Systems Administrator