SA 2008

Drupal Security Announcements, December 2008

SA-2008-072
The Storm project does not properly sanitize data entered by users who have access to Storm.

Versions Affected

  • Drupal 5; anything prior to 5.x-1.14
  • Drupal 6; anything prior to 6.x-1.18

SA-2008-073
There is a CSRF vulnerability in Drupal core which may allow someone to rerun old updates, which will impact the database.
Also note that the robots.txt and .htaccess files have changed and need to be replaced with those from the new core.
