Debian Security Advisory
DSA-745-1 drupal -- input validation errors
- Date Reported:
- 10 Jul 2005
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-1921, CVE-2005-2106, CVE-2005-2116.
- More information:
Two input validation errors were discovered in drupal and its bundled xmlrpc module. These errors can lead to the execution of arbitrary commands on the web server running drupal.
drupal was not included in the old stable distribution (woody).
For the current stable distribution (sarge), these problems have been fixed in version 4.5.3-3.
For the unstable distribution (sid), these problems have been fixed in version 4.5.4-1.
We recommend that you upgrade your drupal package.
- Fixed in:
Debian GNU/Linux 3.1 (sarge)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.