Several security related problems have been discovered in drupal, a fully-featured content management/discussion engine. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-3973 Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML. CVE-2005-3974 When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. CVE-2005-3975 An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension. The old stable distribution (woody) does not contain drupal packages. For the stable distribution (sarge) these problems have been fixed in version 4.5.3-5. For the unstable distribution (sid) these problems have been fixed in version 4.5.6-1. We recommend that you upgrade your drupal package.
Several security related problems have been discovered in drupal, a fully-featured content management/discussion engine. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML.
When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension.
The old stable distribution (woody) does not contain drupal packages.
For the stable distribution (sarge) these problems have been fixed in version 4.5.3-5.
For the unstable distribution (sid) these problems have been fixed in version 4.5.6-1.
We recommend that you upgrade your drupal package.
MD5 checksums of the listed files are available in the original advisory.