www/drupal4 and www/drupal5: Multiple security vulnerabilities
Nick Hilliard
nick at foobar.org
Thu Oct 18 19:01:13 PDT 2007
Linh Pham wrote:
> The Drupal project announced several security vulnerabilities for the
> 4.7.x and 5.x releases of the Drupal package. These effect two current
> ports: www/drupal4 and www/drupal5.
>
> The following are the security advisories that were posted:
>
> 4.7.x:
> * DRUPAL-SA-2007-024: http://drupal.org/node/184315
> * DRUPAL-SA-2007-026: http://drupal.org/node/184320
> * DRUPAL-SA-2007-030: http://drupal.org/node/184354
>
> 5.x:
> * DRUPAL-SA-2007-024: http://drupal.org/node/184315
> * DRUPAL-SA-2007-025: http://drupal.org/node/184316
> * DRUPAL-SA-2007-026: http://drupal.org/node/184320
> * DRUPAL-SA-2007-029: http://drupal.org/node/184348
> * DRUPAL-SA-2007-030: http://drupal.org/node/184354
>
> While patches are available for 4.7.7 and 5.2, they recommend an update
> to the latest version of the respective branches (4.7.8 and 5.3).
I emailed security-team@ earlier today with patches for the vuxml database,
and will get patches for 4.7.8 and 5.3 in the next day or two.
Nick
More information about the freebsd-security
mailing list