Subject: CVS commit: [pkgsrc-2007Q3] pkgsrc/www/drupal
From: Geert Hendrickx
Date: 2007-10-22 13:37:28
Message id: 20071022113728.BB48E21507@cvs.netbsd.org

Log Message:
Pullup ticket 2203 - requested by adrianp
security update for drupal

- pkgsrc/www/drupal/Makefile				1.24
- pkgsrc/www/drupal/distinfo				1.17

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Thu Oct 18 13:01:36 UTC 2007

   Modified Files:
	   pkgsrc/www/drupal: Makefile distinfo

   Log Message:
   Update to 5.3

   Fix a number of security issues:
   SA-2007-024 - Drupal Core - HTTP response splitting
   SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
   SA-2007-026 - Drupal Core - Cross site scripting via uploads
   SA-2007-029 - Drupal Core - User deletion cross site request forgery
   SA-2007-030 - Drupal Core - API handling of unpublished comment

   Bugs:
   Redirect to home page after user registration requiring admin approval.
   More correct wording since some modules will actually work despite warning.
   variable search_cron_limit was not removed on search uninstall
   Append to instead of overwrite #suffix.
   hide administration pages links on module help pages if there are no
   admin links for the module

   See http://drupal.org/node/184395 for all the details

Files:
RevisionActionfile
1.23.2.1modifypkgsrc/www/drupal/Makefile
1.16.2.1modifypkgsrc/www/drupal/distinfo