-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 8 Jul 2005 00:30:37 +0200 Source: drupal Binary: drupal Architecture: source all Version: 4.5.3-3 Distribution: stable-security Urgency: high Maintainer: Hilko Bengen <bengen@debian.org> Changed-By: Hilko Bengen <bengen@debian.org> Description: drupal - fully-featured content management/discussion engine Changes: drupal (4.5.3-3) stable-security; urgency=HIGH . * Maintainer upload for the Security Team * Upstream has announced that two vulnerabilities which are fixed in this version: . - CAN-2005-2116 / DRUPAL-SA-2005-003: Through the bundled xmlrpc module, an attacker could execute arbitrary PHP code (see http://drupal.org/files/sa-2005-002/advisory.txt). . - CAN-2005-2106 / DRUPAL-SA-2005-002: Through a flaw in the input validation routines, an attacker could execute arbitrary PHP code when public comments or postings were allowed (see http://drupal.org/files/sa-2005-003/advisory.txt). Files: 0eb3f7233e0c83f4524784381338ddda 609 web extra drupal_4.5.3-3.dsc bf093c4c8aca7bba62833ea1df35702f 471540 web extra drupal_4.5.3.orig.tar.gz 42582f8972fd4adb5d7e08712f80912c 43573 web extra drupal_4.5.3-3.diff.gz 0af9a174268a7bfb83b523b452076e7b 487404 web extra drupal_4.5.3-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCzbIYUCgnLz/SlGgRAi1wAKCvd2AUtdbx7VZAk4xd0bX3k4va1wCfVas5 RDwNbui+ItQOrLbgiAuLHG8= =YUOp -----END PGP SIGNATURE----- Accepted: drupal_4.5.3-3.diff.gz to pool/main/d/drupal/drupal_4.5.3-3.diff.gz drupal_4.5.3-3.dsc to pool/main/d/drupal/drupal_4.5.3-3.dsc drupal_4.5.3-3_all.deb to pool/main/d/drupal/drupal_4.5.3-3_all.deb -- To UNSUBSCRIBE, email to debian-testing-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org