Back to drupal PTS page

Accepted drupal 4.5.3-4 (source all)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 16 Aug 2005 13:48:32 +0200
Source: drupal
Binary: drupal
Architecture: source all
Version: 4.5.3-4
Distribution: stable-security
Urgency: high
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Hilko Bengen <bengen@debian.org>
Description: 
 drupal     - fully-featured content management/discussion engine
Changes: 
 drupal (4.5.3-4) stable-security; urgency=HIGH
 .
   * Maintainer upload for the Security Team
   * Fixes the following XMLRPC vulnerability:
 .
     CAN-2005-2498 / DRUPAL-SA-2005-004: Through the bundled xmlrpc module,
     an attacker could execute arbitrary PHP code on the target site (see
     http://drupal.org/files/sa-2005-004/advisory.txt).
 .
   * includes/xmlrpc.inc and includes/xmlrpcs.inc have been replaced by
     new upstream versions from http://phpxmlrpc.sourceforge.net/
   * Added copyright statement to documentation.
Files: 
 eedec6415db7933b2583cd49953a29aa 609 web extra drupal_4.5.3-4.dsc
 bf093c4c8aca7bba62833ea1df35702f 471540 web extra drupal_4.5.3.orig.tar.gz
 877a0f759e9f3443cbf7075d84a4dc91 70443 web extra drupal_4.5.3-4.diff.gz
 0fa1c9826ea5d4528369d418c8bae13b 497672 web extra drupal_4.5.3-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDAe6kUCgnLz/SlGgRAnPmAJsEokHsTiSw3kuJ5ciz+WJA282QuwCg4cPF
uqGGnTkMSZKvfMbvFTU9mho=
=WIGQ
-----END PGP SIGNATURE-----


Accepted:
drupal_4.5.3-4.diff.gz
  to pool/main/d/drupal/drupal_4.5.3-4.diff.gz
drupal_4.5.3-4.dsc
  to pool/main/d/drupal/drupal_4.5.3-4.dsc
drupal_4.5.3-4_all.deb
  to pool/main/d/drupal/drupal_4.5.3-4_all.deb