-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 30 Nov 2005 23:23:05 +0100 Source: drupal Binary: drupal Architecture: source all Version: 4.5.3-5 Distribution: stable-security Urgency: high Maintainer: Martin Schulze <joey@debian.org> Changed-By: Hilko Bengen <bengen@debian.org> Description: drupal - fully-featured content management/discussion engine Changes: drupal (4.5.3-5) stable-security; urgency=HIGH . * Maintainer upload for the Security Team * Fixes three security vulnerabilities: - DRUPAL-SA-2005-007: Cross-site-scripting vulnerability - DRUPAL-SA-2005-008: It was possible to attach files that are able to run Javascript under Internet Explorer. - DRUPAL-SA-2005-009: It was possible to bypass the 'access user profile' permission if the server was running PHP5 Files: 55d91c43600aa680ba52b17c717ea8e3 609 web extra drupal_4.5.3-5.dsc 5349b33da1964a91340d7e98db1fc924 80360 web extra drupal_4.5.3-5.diff.gz 925cd8f84b2ec34f98663d849816066b 501814 web extra drupal_4.5.3-5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD08CYW5ql+IAeqTIRAgAAAKCf/0v0n+D18jyLCh5qUqmL7N8p7wCfcZxT d9VJmzp2FURExR1ue/V2kBU= =vOE2 -----END PGP SIGNATURE----- Accepted: drupal_4.5.3-5.diff.gz to pool/main/d/drupal/drupal_4.5.3-5.diff.gz drupal_4.5.3-5.dsc to pool/main/d/drupal/drupal_4.5.3-5.dsc drupal_4.5.3-5_all.deb to pool/main/d/drupal/drupal_4.5.3-5_all.deb