Package: drupal Version: 4.5.5-2 Severity: grave Tags: security Justification: user security hole
Clicking "Log Out" appears to work, however user is still logged in. See http://drupal.org/node/29201 for discussion and solution. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-bs-k7 Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Versions of packages drupal depends on: ii apache2 2.0.54-5 next generation, scalable, extenda ii apache2-mpm-prefork [apache2 2.0.54-5 traditional model for Apache2 ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy ii exim4 4.54-1 metapackage to ease exim MTA (v4) ii exim4-daemon-light [mail-tra 4.54-1 lightweight exim MTA (v4) daemon ii makepasswd 1.10-3 Generate and encrypt passwords ii mysql-client-4.1 [virtual-my 4.1.14-6 mysql database client binaries ii php4-cli 4:4.3.10-16 command-line interpreter for the p ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii postgresql-client 7.5.11 front-end programs for PostgreSQL ii wwwconfig-common 0.0.44 Debian web auto configuration Versions of packages drupal recommends: pn apache <none> (no description available) ii libapache2-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti ii mysql-server 4.1.14-6 mysql database server (transitiona ii mysql-server-4.1 [mysql-serv 4.1.14-6 mysql database server binaries ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii postgresql 7.5.11 object-relational SQL database man -- debconf information: * drupal/remove_backups: true drupal/createuser_failed: * drupal/db_auto_update: false drupal/dropdb_failed: drupal/upgradedb_impossible: * drupal/dbgeneration: false * drupal/dbtype: MySQL * drupal/database_doremove: false drupal/createdb_failed: * drupal/dbserver: localhost * drupal/webserver: apache, apache2 drupal/upgradedb_failed: * drupal/dbname: drupal drupal/dbuser: drupal drupal/dbadmin: root drupal/initdb_failed: drupal/conffile_failed: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
