rpms/drupal/EL-5 drupal-README.fedora, 1.2, 1.3 drupal.conf, 1.1, 1.2 drupal.spec, 1.10, 1.11 sources, 1.10, 1.11

Jon Ciesla limb at fedoraproject.org
Thu Oct 9 12:24:33 UTC 2008


Author: limb

Update of /cvs/pkgs/rpms/drupal/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12003/EL-5

Modified Files:
	drupal-README.fedora drupal.conf drupal.spec sources 
Log Message:
EPEL, SA-2008-060.



Index: drupal-README.fedora
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/EL-5/drupal-README.fedora,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- drupal-README.fedora	6 Dec 2007 03:18:43 -0000	1.2
+++ drupal-README.fedora	9 Oct 2008 12:24:03 -0000	1.3
@@ -30,3 +30,12 @@
 should not run into problems, but if any symlinks are changed, they will be
 re-written when the package is upgraded, which could break the site until
 you re-change the symlink.
+
+3. SSL/TLS usage.
+CVE-2008-3661 relates to the security of session cookies and SSL/TLS.
+
+http://int21.de/cve/CVE-2008-3661-drupal.html
+http://www.securityfocus.com/bid/31285
+
+To help mitigate this, uncomment the following line in /etc/httpd/conf.d/drupal.conf:
+#php_flag session.cookie_secure on
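Review bot: The new section 3 tells the admin to uncomment `php_flag session.cookie_secure on` but leaves out the precondition that drupal.conf states ("if using with SSL/TLS") and the side effect of the setting. With session.cookie_secure on, PHP marks the session cookie Secure and browsers send it only over HTTPS, so a site still reachable over plain HTTP will not keep users logged in there. Suggest stating that the setting applies only when the site is served over HTTPS, summarising the issue in one sentence instead of relying on the two external links, and noting that httpd must be reloaded after the edit.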


Index: drupal.conf
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/EL-5/drupal.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- drupal.conf	25 Jul 2007 12:12:22 -0000	1.1
+++ drupal.conf	9 Oct 2008 12:24:03 -0000	1.2
@@ -11,4 +11,7 @@
 	#Allow from all
 	#Uncomment the following line for setup
         #Allow from 127.0.0.1
+	AllowOverride All
+	#Uncomment the next line if using with SSL/TLS
+	#php_flag session.cookie_secure on
 </Directory>
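Review bot: `AllowOverride All` on the first added line is a behaviour change that the comment below it does not cover and the log message does not mention. It lets any .htaccess file under this directory override the server configuration, and the `php_flag` line set here in drupal.conf does not depend on it. Suggest adding a comment that says why it is required, or a narrower override list, and separating it from the SSL/TLS comment so it is not read as part of the CVE-2008-3661 mitigation. The added lines are tab-indented while the `#Allow from 127.0.0.1` line above them uses spaces; pick one.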


Index: drupal.spec
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/EL-5/drupal.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- drupal.spec	14 Aug 2008 12:40:00 -0000	1.10
+++ drupal.spec	9 Oct 2008 12:24:03 -0000	1.11
@@ -1,6 +1,6 @@
 %define drupaldir %{_datadir}/drupal
 Name: drupal
-Version:  5.10
+Version:  5.11
 Release:  1%{?dist}
 Summary: An open-source content-management platform
 
@@ -71,6 +71,10 @@
 %dir %attr(775,root,apache) %{_localstatedir}/lib/drupal/
 
 %changelog
+* Thu Oct 09 2008 Jon Ciesla <limb at jcomserv.net> - 5.11-1
+- Upgrade to 5.11, SA-2008-060.
+- Added notes to README and drupal.conf re CVE-2008-3661.
+
 * Thu Aug 14 2008 Jon Ciesla <limb at jcomserv.net> - 5.10-1
 - Upgrade to 5.10, SA-2008-047.
 
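Review bot: The second new changelog bullet describes the drupal.conf change as "notes", but that file also gains an active `AllowOverride All` directive; list it so admins reading the changelog on upgrade see the behaviour change. It would also help to say that the `session.cookie_secure` line ships commented out, so the CVE-2008-3661 mitigation is opt-in after updating to 5.11-1.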


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/EL-5/sources,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- sources	14 Aug 2008 12:40:00 -0000	1.10
+++ sources	9 Oct 2008 12:24:03 -0000	1.11
@@ -1 +1 @@
-819a914e97de48d2b2a8ab6955d01215  drupal-5.10.tar.gz
+de0936e4a991d1945129a56afcb6ef59  drupal-5.11.tar.gz



