Changelog
drupal (5.1-0ubuntu2.1) feisty-security; urgency=low
* SECURITY UPDATE:
Drupal 5.1 has some security flaws, which were detected.
Those were remote exploits namely
- Multiple cross site request forgeries
- Multiple cross site scripting vulnerabilities
+ Further readings:
http://drupal.org/node/162364
* debian/patches/*
- Added 20_SA-2007-017-5.1.dpatch, which fixes the cross site request
forgeries
- Added 21_SA-2007-018-5.1.dpatch, which fixes the cross site scripting
vulnerabilities
* References:
+ Drupal Advisories:
- http://drupal.org/node/162360 (SA-2007-017-5.1)
- http://drupal.org/node/162361 (SA-2007-018.5.1)
+ CVE:
- CVE-2007-4064 (Cross Site Scripting Vulnerability)
- CVE-2007-4063 (Cross Site Forgery)
-- Stephan Hermann <email address hidden> Thu, 06 Sep 2007 17:30:34 +0200