Package drupal5
Name:
drupal5
Description:
a fully-featured content management framework
Drupal is a dynamic web site platform which allows an individual or
community of users to publish, manage and organize a variety of
content. Drupal integrates many popular features of content
management systems, weblogs, collaborative tools and discussion-based
community software into one easy-to-use package.
This package contains version 5 of Drupal.
More information about Drupal is available at http://www.drupal.org
Latest version:
5.7-1ubuntu1.2
Ubuntu release:
hardy
Level:
security
Repository:
universe
Change Log
Version: 5.7-1ubuntu1.2
2010-02-08 20:01:46 UTC
drupal5 (5.7-1ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses
were discovered in Drupal. (LP: #431080):
- 13_SA-2008-047
- 14_SA-2008-060
- 15_SA-2008-067
- 16_SA-2008-073
- 17_SA-CORE-2009-001
- 18_SA-CORE-2009-005
- 19_SA-CORE-2009-006
- 20_SA-CORE-2009-007
- 21_SA-CORE-2009-008
- 22_SA-CORE-2009-009
* Fixes:
- CVE-2008-6171
- CVE-2008-6532
- CVE-2008-6533
- CVE-2009-1576
- CVE-2009-2372
- CVE-2009-2373
- CVE-2009-2374
- CVE-2009-4370
-- Artur Rona Sun, 31 Jan 2010 14:40:34 +0100
431080
drupal5: "Fix critical security vulnerability (SA-CORE-2009-008)"
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attacke
CVE-2008-6532
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers t
CVE-2008-6533
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being p
CVE-2009-1576
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to o
CVE-2009-2372
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-
CVE-2009-2373
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML
CVE-2009-2374
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes th
CVE-2009-4370
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated u