Package: drupal5 Version: 5.2-1 Severity: grave Tags: security Justification: user security hole
The settings.php (/etc/drupal/5/sites/default/settings.php) provided in the Debian Drupal 5.2 package is not up to date (CVS version 1.27 vs. 1.39.2.3 in the Drupal 5.2 tarball from Drupal). Because this file is part of the 5.2 security update (see the "Important note" at <http://drupal.org/drupal-5.2>), I marked this bug as serious. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages drupal5 depends on: ii apache2 2.2.3-5 Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.3-5 Traditional model for Apache HTTPD ii curl 7.16.4-1 Get a file from an HTTP, HTTPS or ii dbconfig-common 1.8.35 common framework for packaging dat ii debconf 1.5.13 Debian configuration management sy ii exim4 4.67-7 meta-package to ease Exim MTA (v4) ii exim4-daemon-light [mail-tran 4.67-7 lightweight Exim MTA (v4) daemon ii mysql-client-5.0 [mysql-clien 5.0.45-1 MySQL database client binaries ii php5 5.2.3-1 server-side, HTML-embedded scripti ii php5-gd 5.2.3-1+b1 GD module for php5 ii php5-mysql 5.2.3-1+b1 MySQL module for php5 ii wwwconfig-common 0.0.48 Debian web auto configuration Versions of packages drupal5 recommends: ii mysql-server 5.0.45-1 MySQL database server (meta packag ii mysql-server-5.0 [mysql-serve 5.0.45-1 MySQL database server binaries -- debconf information: drupal5/pgsql/changeconf: false * drupal5/db/app-user: drupal5 drupal5/pgsql/authmethod-admin: ident * drupal5/mysql/admin-user: root * drupal5/webserver: apache2 * drupal5/mysql/method: unix socket drupal5/install-error: abort drupal5/passwords-do-not-match: * drupal5/database-type: mysql drupal5/pgsql/method: unix socket drupal5/upgrade-backup: true drupal5/dbconfig-reinstall: false drupal5/pgsql/admin-user: postgres drupal5/internal/reconfiguring: false drupal5/remote/host: drupal5/dbconfig-remove: drupal5/db/basepath: * drupal5/dbconfig-install: true drupal5/internal/skip-preseed: false drupal5/pgsql/manualconf: drupal5/pgsql/no-empty-passwords: drupal5/pgsql/authmethod-user: drupal5/remote/newhost: drupal5/dbconfig-upgrade: true drupal5/remove-error: abort drupal5/purge: false * drupal5/db/dbname: drupal5 drupal5/missing-db-package-error: abort drupal5/upgrade-error: abort drupal5/remote/port: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
