clone 501635 -1 reassign -1 drupal6 severity 501635 important thanks Hi Ingo,
On Thu, October 9, 2008 07:35, Ingo Juergensmann wrote: > See the Drupal SA-2008-060 for more details: Ok, I've done so, and find that: * File upload access bypass: 6.x only. Serious issue. * Access rules bypass: 5.x and 6.x. Although this is clearly a bug I don't immediately judge it has having very grave consequences. Such access control is usually an additional layer on other protections. * BlogAPI access bypass. Users of this should already be trusted, and only in a minor part. * Node validation bypass: 5.x only and only a preventive measure. So for drupal5 I think this is "important" at most. Still, it would be very good to fix it in Lenny and I hope the maintainers will take swift action to do so. For drupal6 this is serious and I'm cloning there. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
