On 12-8-10 11:37, Ivan Vilata i Balaguer wrote:
DRUPAL-SA-CORE-2010-002 from 2010-08-12 includes several vulnerabilities, some of them allowing malicious sites to identify as existing users and gain administrative access.
This seems to be a bug in the OpenID implementation of Drupal. If a site does not have the core module OpenID enabled, I suspect it is not vulnerable? AFAIK the OpenID module is not enabled by default.
I just want to get a reality check on the number of Debian Drupal installations that might be vulnerable. A Debian package of Drupal 6.19 is of course very welcome.
Richard