** Changed in: drupal (Ubuntu Feisty)
Status: New => Fix Released
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
https://bugs.launchpad.net/bugs/181984
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0272
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0273
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6299
** Changed in: drupal5 (Ubuntu Gutsy)
Status: Fix Committed => F
Emanuele, I have uploaded the updated gutsy package, but the feisty debdiff
does not match up with upstream. These are the changes I am seeing (from
upstream SA-2008-005-5.5.patch to the 28_SA-2008-005-5.5.dpatch
< + 'callback' => 'drupal_get_form',
---
> + 'callback' => 'drupal_get_fr
** Changed in: drupal5 (Ubuntu Gutsy)
Status: Confirmed => Fix Committed
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
https://bugs.launchpad.net/bugs/181984
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
Upstream re-fix SA-2007-031 patch, and I update debdiff with it. (for
feisty too)
** Attachment added: "feisty_drupal_5.1-0ubuntu2.3.debdiff (upstream patch V2)"
http://launchpadlibrarian.net/11410513/feisty_drupal_5.1-0ubuntu2.3.debdiff
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL i
Upstream re-fix SA-2007-031 patch, and I update debdiff with it.
** Attachment added: "gutsy_drupal5_5.2-2ubuntu2.2.debdiff (upstream patch V2)"
http://launchpadlibrarian.net/11410126/gutsy_drupal5_5.2-2ubuntu2.2.debdiff
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
ultimate fix, now done for uploading. (gutsy)
** Attachment added: "gutsy_drupal5_5.2-2ubuntu2.2.debdiff"
http://launchpadlibrarian.net/11410632/gutsy_drupal5_5.2-2ubuntu2.2.debdiff
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
https://bugs.launchpad.net/bugs/181984
ultimate fix, now done for uploading. (feisty)
** Attachment added: "feisty_drupal_5.1-0ubuntu2.3.debdiff"
http://launchpadlibrarian.net/11410641/feisty_drupal_5.1-0ubuntu2.3.debdiff
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
https://bugs.launchpad.net/bugs/18198
corrected debdiff to feisty.
** Attachment added: "feisty_drupal_5.1-0ubuntu2.3.debdiff (CORRECT)"
http://launchpadlibrarian.net/11367842/feisty_drupal_5.1-0ubuntu2.3.debdiff
** Changed in: drupal5 (Ubuntu Feisty)
Status: Won't Fix => Confirmed
--
Drupal5: SA-2007-031, SA-2008-005,SA
drupal (5.1-0ubuntu2.3) feisty-security; urgency=low
* SECURITY UPDATE: (LP: 181984)
- SA-2007-031: SQL injection posssible when certain
contribuited modules are enabled
- SA-2008-005: Cross site request forgery
- SA-2008-006: Cross site scripting (UTF8)
* References:
- S
** Summary changed:
- Drupal5: SA-2007-031: SQL Injection possible when certain contributed modules
are enabled
+ Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
--
Drupal5: SA-2007-031, SA-2008-005,SA-2008-006: SQL injection and XSS
https://bugs.launchpad.net/bugs/181984
11 matches
Mail list logo
