Date: Fri, 19 Oct 2007 00:37:32 +0100 From: Nick Hilliard <nick@foobar.org> To: Linh Pham <question@closedsrc.org> Cc: freebsd-security@freebsd.org Subject: Re: www/drupal4 and www/drupal5: Multiple security vulnerabilities Message-ID: <4717EE3C.3050205@foobar.org> In-Reply-To: <20071018204404.GA95280@dalek.internal.closedsrc.org> References: <20071018204404.GA95280@dalek.internal.closedsrc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Linh Pham wrote: > The Drupal project announced several security vulnerabilities for the > 4.7.x and 5.x releases of the Drupal package. These effect two current > ports: www/drupal4 and www/drupal5. > > The following are the security advisories that were posted: > > 4.7.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > 5.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-025: http://drupal.org/node/184316 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-029: http://drupal.org/node/184348 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > While patches are available for 4.7.7 and 5.2, they recommend an update > to the latest version of the respective branches (4.7.8 and 5.3). I emailed security-team@ earlier today with patches for the vuxml database, and will get patches for 4.7.8 and 5.3 in the next day or two. Nick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4717EE3C.3050205>