-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 29 Nov 2005 21:48:51 +0100 Source: drupal Binary: drupal Architecture: source all Version: 4.5.6-1 Distribution: unstable Urgency: high Maintainer: Hilko Bengen <bengen@debian.org> Changed-By: Hilko Bengen <bengen@debian.org> Description: drupal - fully-featured content management/discussion engine Closes: 338772 Changes: drupal (4.5.6-1) unstable; urgency=high . * New upstream version * Fixes three security vulnerabilities: - DRUPAL-SA-2005-007: Cross-site-scripting vulnerability - DRUPAL-SA-2005-008: It was possible to attach files that are able to run Javascript under Internet Explorer. - DRUPAL-SA-2005-009: It was possible to bypass the 'access user profile' permission if the server was running PHP5 * [Daniel Nylander <yeager@lidkoping.net>] Added Swedish Debconf translation (Closes: #338772) * Changed dependencies to be more liberal about HTTP servers * Fixed misleading documentation about virtual host configuration Files: bfa8265559e82ea1219eaf54d53a452a 609 web extra drupal_4.5.6-1.dsc 5f3cfa733600cb6b9fb6eb06c7232f4e 467739 web extra drupal_4.5.6.orig.tar.gz 518147b168202536df5a700a78bb1519 45944 web extra drupal_4.5.6-1.diff.gz ac334fdd10ec62ac174d1153607aacfc 488352 web extra drupal_4.5.6-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDjMIwUCgnLz/SlGgRAk62AKDr5xgPJD62/L20CAV3Womg14p/mwCgus8Z rtVtO67Gzm9u4W+zRLUXDhc= =ORyX -----END PGP SIGNATURE----- Accepted: drupal_4.5.6-1.diff.gz to pool/main/d/drupal/drupal_4.5.6-1.diff.gz drupal_4.5.6-1.dsc to pool/main/d/drupal/drupal_4.5.6-1.dsc drupal_4.5.6-1_all.deb to pool/main/d/drupal/drupal_4.5.6-1_all.deb drupal_4.5.6.orig.tar.gz to pool/main/d/drupal/drupal_4.5.6.orig.tar.gz
