Subject: CVS commit: [pkgsrc-2007Q3] pkgsrc/www/drupal
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 10/22/2007 11:37:28
Module Name: pkgsrc
Committed By: ghen
Date: Mon Oct 22 11:37:28 UTC 2007
Modified Files:
pkgsrc/www/drupal [pkgsrc-2007Q3]: Makefile distinfo
Log Message:
Pullup ticket 2203 - requested by adrianp
security update for drupal
- pkgsrc/www/drupal/Makefile 1.24
- pkgsrc/www/drupal/distinfo 1.17
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Oct 18 13:01:36 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.3
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no
admin links for the module
See http://drupal.org/node/184395 for all the details
To generate a diff of this commit:
cvs rdiff -r1.23 -r1.23.2.1 pkgsrc/www/drupal/Makefile
cvs rdiff -r1.16 -r1.16.2.1 pkgsrc/www/drupal/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.