www/drupal4 and www/drupal5: Multiple security vulnerabilities

The Drupal project announced several security vulnerabilities for the
4.7.x and 5.x releases of the Drupal package. These effect two current
ports: www/drupal4 and www/drupal5.

The following are the security advisories that were posted:

4.7.x:
* DRUPAL-SA-2007-024: http://drupal.org/node/184315
* DRUPAL-SA-2007-026: http://drupal.org/node/184320
* DRUPAL-SA-2007-030: http://drupal.org/node/184354

5.x:
* DRUPAL-SA-2007-024: http://drupal.org/node/184315
* DRUPAL-SA-2007-025: http://drupal.org/node/184316
* DRUPAL-SA-2007-026: http://drupal.org/node/184320
* DRUPAL-SA-2007-029: http://drupal.org/node/184348
* DRUPAL-SA-2007-030: http://drupal.org/node/184354

While patches are available for 4.7.7 and 5.2, they recommend an update
to the latest version of the respective branches (4.7.8 and 5.3).

--
Linh Pham
question@xxxxxxxxxxxxx
http://closedsrc.org/

Attachment: pgpS8uff3R46g.pgp
Description: PGP signature

Relevant Pages

  • Re: Bush hates east coast port cities...
    ... which is handled by the Coast Guard and U.S. Customs. ... Can anyone explain exactly what "running the ports" involves and what ... specific security vulnerabilities would increase if this company is ...
    (rec.music.gdead)
  • Re: Ports Improvements
    ... > I'm curious if there is any major work being done in developing the ... > over the bsds' ports system that I would like to see included. ... instead of a single makefile so both mozilla and mozilla-devel ... has no impact on whether they'll have security vulnerabilities fixed. ...
    (freebsd-questions)
  • Re: www/drupal4 and www/drupal5: Multiple security vulnerabilities
    ... 4.7.x and 5.x releases of the Drupal package. ... ports: www/drupal4 and www/drupal5. ... The following are the security advisories that were posted: ...
    (FreeBSD-Security)
  • Re: Forcing a port to install?
    ... disable check for security vulnerabilities ... installing new ports. ...
    (freebsd-questions)