On Tue, Aug 30, 2005 at 01:44:33PM +0200, Moritz Muehlenhoff wrote: > Moritz Muehlenhoff wrote: > > Package: drupal > > Severity: grave > > Tags: security > > Justification: user security hole
> > [I'm pretty sure you are already aware of it; but here it is anyway] > > Another XMLRPC vulnerability has been detected that affects Drupal > > as well. Please see http://www.hardened-php.net/advisory_142005.66.html > > for information about the issue in general. > > The new upstream release 4.5.4 resolves this issue. > drupal's transition into testing doesn't take place, because the changelog > of the fixed package didn't contain bug closers and the two RC security bugs > prevent migration. > So, please, either close them manually or with the next upload. If the bugs are fixed in the current version then they should be closed *now*, not waiting until the next upload. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature