From owner-freebsd-security@FreeBSD.ORG Thu Oct 18 20:54:31 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A81116A41A for ; Thu, 18 Oct 2007 20:54:31 +0000 (UTC) (envelope-from question@closedsrc.org) Received: from dalek.closedsrc.org (dalek.closedsrc.org [72.1.133.20]) by mx1.freebsd.org (Postfix) with ESMTP id 23C8D13C448 for ; Thu, 18 Oct 2007 20:54:29 +0000 (UTC) (envelope-from question@closedsrc.org) Received: by dalek.closedsrc.org (Postfix, from userid 5000) id 4512CCF08A; Thu, 18 Oct 2007 13:44:04 -0700 (PDT) Date: Thu, 18 Oct 2007 13:44:04 -0700 From: Linh Pham To: freebsd-security@freebsd.org Message-ID: <20071018204404.GA95280@dalek.internal.closedsrc.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline Organization: closedsrc.org Mail-Copies-To: poster X-PGP-Key: http://closedsrc.org/~question/pubkey.asc User-Agent: Mutt/1.5.16 (2007-06-09) X-Mailman-Approved-At: Thu, 18 Oct 2007 21:01:34 +0000 Cc: nick@foobar.org Subject: www/drupal4 and www/drupal5: Multiple security vulnerabilities X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Oct 2007 20:54:31 -0000 --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The Drupal project announced several security vulnerabilities for the 4.7.x and 5.x releases of the Drupal package. These effect two current ports: www/drupal4 and www/drupal5. The following are the security advisories that were posted: 4.7.x: * DRUPAL-SA-2007-024: http://drupal.org/node/184315 * DRUPAL-SA-2007-026: http://drupal.org/node/184320 * DRUPAL-SA-2007-030: http://drupal.org/node/184354 5.x: * DRUPAL-SA-2007-024: http://drupal.org/node/184315 * DRUPAL-SA-2007-025: http://drupal.org/node/184316 * DRUPAL-SA-2007-026: http://drupal.org/node/184320 * DRUPAL-SA-2007-029: http://drupal.org/node/184348 * DRUPAL-SA-2007-030: http://drupal.org/node/184354 While patches are available for 4.7.7 and 5.2, they recommend an update to the latest version of the respective branches (4.7.8 and 5.3). --=20 Linh Pham question@closedsrc.org http://closedsrc.org/ --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHF8WUwhofDeWkDMIRAp1CAJ4nh5WAliaDhXVqaZEKfKz4sBG9cACeJgcp ZOjLIt2GXDNThUGIHIpcPso= =A9oh -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--