From owner-freebsd-security@FreeBSD.ORG Sat Oct 20 04:46:00 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1142816A418 for ; Sat, 20 Oct 2007 04:46:00 +0000 (UTC) (envelope-from cmdlnkid@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.182]) by mx1.freebsd.org (Postfix) with ESMTP id B136713C45A for ; Sat, 20 Oct 2007 04:45:59 +0000 (UTC) (envelope-from cmdlnkid@gmail.com) Received: by py-out-1112.google.com with SMTP id u77so1424434pyb for ; Fri, 19 Oct 2007 21:45:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:date:from:reply-to:to:cc:subject:in-reply-to:message-id:references:x-openpgp-key:mime-version:content-type; bh=ojosHsHqZpX9D/YagEr70FxaVLdRXfe6xpfqfA7PVb4=; b=sl6K4Dr4Lqu5j/zresymvhQjsr9MRXtvEingzgFJ4UjGjiwfmnXKoPL5YCxefw5AafKQN12nRV4VmPmMWewFu1mdGARddnaY7vgV+zm7V8GRfIsU+zJsaQ8XINlLD1DI1Fs0o6hs0RUuHqjW+2pN7KdKGm2U8nXey3GjZytRwYY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:reply-to:to:cc:subject:in-reply-to:message-id:references:x-openpgp-key:mime-version:content-type; b=iI50hywr934HWgtV59G8UR4LkRxmw/XiKXgyT3/MhCimG3OcRtuMnBnQwq8dMfzd2nKpD12fujlOz9ydzUqTefW0+7kBRj1wbk4Y1uZgZCeQJQEVJNfD+MbiJRUAsYyjTA9IFjXaRIOmWQqgN1FWzhFAKsp9R/nSaJxNb0aTdik= Received: by 10.64.199.2 with SMTP id w2mr4904232qbf.1192853896028; Fri, 19 Oct 2007 21:18:16 -0700 (PDT) Received: from ppp-21.144.dialinfree.com ( [209.172.21.144]) by mx.google.com with ESMTPS id q13sm769034qbq.2007.10.19.21.18.11 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 19 Oct 2007 21:18:14 -0700 (PDT) Date: Sat, 20 Oct 2007 00:17:58 -0400 From: CmdLnKid To: Linh Pham In-Reply-To: <20071018204404.GA95280@dalek.internal.closedsrc.org> Message-ID: <20071020001527.B8089@cbynevgl.hper> References: <20071018204404.GA95280@dalek.internal.closedsrc.org> X-OpenPGP-Key: 0xDFFDD218 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Mailman-Approved-At: Sat, 20 Oct 2007 11:36:42 +0000 Cc: FreeBSD-Security Subject: Re: www/drupal4 and www/drupal5: Multiple security vulnerabilities X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: CmdLnKid List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Oct 2007 04:46:00 -0000 On Thu, 18 Oct 2007 13:44 -0700, question wrote: > The Drupal project announced several security vulnerabilities for the > 4.7.x and 5.x releases of the Drupal package. These effect two current > ports: www/drupal4 and www/drupal5. > > The following are the security advisories that were posted: > > 4.7.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > 5.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-025: http://drupal.org/node/184316 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-029: http://drupal.org/node/184348 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > While patches are available for 4.7.7 and 5.2, they recommend an update > to the latest version of the respective branches (4.7.8 and 5.3). > PS: This isn't FreeBSD specific (...) -> *ports*@ -> *maintainer*@ -- - (2^(N-1))