From owner-freebsd-security@FreeBSD.ORG  Fri Oct 19 02:01:13 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7408516A420
	for <freebsd-security@freebsd.org>;
	Fri, 19 Oct 2007 02:01:13 +0000 (UTC) (envelope-from nick@foobar.org)
Received: from gran.netsource.ie (gran.netsource.ie [212.17.32.37])
	by mx1.freebsd.org (Postfix) with ESMTP id 34D4413C48D
	for <freebsd-security@freebsd.org>;
	Fri, 19 Oct 2007 02:01:12 +0000 (UTC) (envelope-from nick@foobar.org)
Received: from 87-198-16-4.ptr.magnet.ie ([87.198.16.4]
	helo=crumpet.foobar.org)
	by gran.netsource.ie with esmtp (Exim 3.36 #1)
	id 1Iievl-00037A-00; Fri, 19 Oct 2007 00:37:33 +0100
Message-ID: <4717EE3C.3050205@foobar.org>
Date: Fri, 19 Oct 2007 00:37:32 +0100
From: Nick Hilliard <nick@foobar.org>
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
MIME-Version: 1.0
To: Linh Pham <question@closedsrc.org>
References: <20071018204404.GA95280@dalek.internal.closedsrc.org>
In-Reply-To: <20071018204404.GA95280@dalek.internal.closedsrc.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 19 Oct 2007 03:07:59 +0000
Cc: freebsd-security@freebsd.org
Subject: Re: www/drupal4 and www/drupal5: Multiple security vulnerabilities
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2007 02:01:13 -0000

Linh Pham wrote:
> The Drupal project announced several security vulnerabilities for the
> 4.7.x and 5.x releases of the Drupal package. These effect two current
> ports: www/drupal4 and www/drupal5.
> 
> The following are the security advisories that were posted:
> 
> 4.7.x:
> * DRUPAL-SA-2007-024: http://drupal.org/node/184315
> * DRUPAL-SA-2007-026: http://drupal.org/node/184320
> * DRUPAL-SA-2007-030: http://drupal.org/node/184354
> 
> 5.x:
> * DRUPAL-SA-2007-024: http://drupal.org/node/184315
> * DRUPAL-SA-2007-025: http://drupal.org/node/184316
> * DRUPAL-SA-2007-026: http://drupal.org/node/184320
> * DRUPAL-SA-2007-029: http://drupal.org/node/184348
> * DRUPAL-SA-2007-030: http://drupal.org/node/184354
> 
> While patches are available for 4.7.7 and 5.2, they recommend an update
> to the latest version of the respective branches (4.7.8 and 5.3).

I emailed security-team@ earlier today with patches for the vuxml database,
and will get patches for 4.7.8 and 5.3 in the next day or two.

Nick