Linh Pham
2007-Oct-18 14:01 UTC
www/drupal4 and www/drupal5: Multiple security vulnerabilities
The Drupal project announced several security vulnerabilities for the 4.7.x and 5.x releases of the Drupal package. These effect two current ports: www/drupal4 and www/drupal5. The following are the security advisories that were posted: 4.7.x: * DRUPAL-SA-2007-024: http://drupal.org/node/184315 * DRUPAL-SA-2007-026: http://drupal.org/node/184320 * DRUPAL-SA-2007-030: http://drupal.org/node/184354 5.x: * DRUPAL-SA-2007-024: http://drupal.org/node/184315 * DRUPAL-SA-2007-025: http://drupal.org/node/184316 * DRUPAL-SA-2007-026: http://drupal.org/node/184320 * DRUPAL-SA-2007-029: http://drupal.org/node/184348 * DRUPAL-SA-2007-030: http://drupal.org/node/184354 While patches are available for 4.7.7 and 5.2, they recommend an update to the latest version of the respective branches (4.7.8 and 5.3). -- Linh Pham question@closedsrc.org http://closedsrc.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20071018/9236c22a/attachment.pgp
Nick Hilliard
2007-Oct-18 20:08 UTC
www/drupal4 and www/drupal5: Multiple security vulnerabilities
Linh Pham wrote:> The Drupal project announced several security vulnerabilities for the > 4.7.x and 5.x releases of the Drupal package. These effect two current > ports: www/drupal4 and www/drupal5. > > The following are the security advisories that were posted: > > 4.7.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > 5.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-025: http://drupal.org/node/184316 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-029: http://drupal.org/node/184348 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > While patches are available for 4.7.7 and 5.2, they recommend an update > to the latest version of the respective branches (4.7.8 and 5.3).I emailed security-team@ earlier today with patches for the vuxml database, and will get patches for 4.7.8 and 5.3 in the next day or two. Nick
CmdLnKid
2007-Oct-20 04:36 UTC
www/drupal4 and www/drupal5: Multiple security vulnerabilities
On Thu, 18 Oct 2007 13:44 -0700, question wrote:> The Drupal project announced several security vulnerabilities for the > 4.7.x and 5.x releases of the Drupal package. These effect two current > ports: www/drupal4 and www/drupal5. > > The following are the security advisories that were posted: > > 4.7.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > 5.x: > * DRUPAL-SA-2007-024: http://drupal.org/node/184315 > * DRUPAL-SA-2007-025: http://drupal.org/node/184316 > * DRUPAL-SA-2007-026: http://drupal.org/node/184320 > * DRUPAL-SA-2007-029: http://drupal.org/node/184348 > * DRUPAL-SA-2007-030: http://drupal.org/node/184354 > > While patches are available for 4.7.7 and 5.2, they recommend an update > to the latest version of the respective branches (4.7.8 and 5.3). >PS: This isn't FreeBSD specific (...) -> *ports*@ -> *maintainer*@ -- - (2^(N-1))