rpms/drupal/F-9 drupal-README.fedora, 1.3, 1.4 drupal.conf, 1.2, 1.3 drupal.spec, 1.16, 1.17 sources, 1.13, 1.14
Jon Ciesla
limb at fedoraproject.org
Thu Oct 9 12:22:12 UTC 2008
Author: limb
Update of /cvs/pkgs/rpms/drupal/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11664
Modified Files:
drupal-README.fedora drupal.conf drupal.spec sources
Log Message:
SA-2008-060.
Index: drupal-README.fedora
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-9/drupal-README.fedora,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- drupal-README.fedora 6 Dec 2007 02:32:01 -0000 1.3
+++ drupal-README.fedora 9 Oct 2008 12:21:41 -0000 1.4
@@ -30,3 +30,12 @@
should not run into problems, but if any symlinks are changed, they will be
re-written when the package is upgraded, which could break the site until
you re-change the symlink.
+
+3. SSL/TLS usage.
+CVE-2008-3661 relates to the security of session cookies and SSL/TLS.
+
+http://int21.de/cve/CVE-2008-3661-drupal.html
+http://www.securityfocus.com/bid/31285
+
+To help mitigate this, uncomment the following line in /etc/httpd/conf.d/drupal.conf:
+#php_flag session.cookie_secure on
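Review bot: the new section 3, at "To help mitigate this, uncomment the following line", gives neither the precondition nor the side effect of the setting. With session.cookie_secure on, the browser returns the session cookie only over HTTPS, so a site that is still reachable over plain HTTP loses its logins there. Say that the line should be enabled only when the site is served over SSL/TLS, as the drupal.conf comment does, and that httpd must be reloaded for it to take effect. Showing the line as it should read after editing (without the leading "#") would also remove any doubt about what to change.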
Index: drupal.conf
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-9/drupal.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- drupal.conf 7 Jan 2008 19:49:54 -0000 1.2
+++ drupal.conf 9 Oct 2008 12:21:41 -0000 1.3
@@ -12,4 +12,6 @@
#Uncomment the following line for setup
#Allow from 127.0.0.1
AllowOverride All
+ #Uncomment the next line if using with SSL/TLS
+ #php_flag session.cookie_secure on
</Directory>
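Review bot: the added "#php_flag session.cookie_secure on" sits directly under "AllowOverride All", so once uncommented it can still be set back to off by a .htaccess file inside the Drupal directory. If the administrator's choice here is meant to hold, use php_admin_flag session.cookie_secure on, which per-directory overrides cannot change. The comment "if using with SSL/TLS" would be clearer as "only if the site is served exclusively over SSL/TLS", since the Secure attribute stops the session cookie from being sent on plain HTTP requests.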
Index: drupal.spec
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-9/drupal.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- drupal.spec 14 Aug 2008 12:40:01 -0000 1.16
+++ drupal.spec 9 Oct 2008 12:21:41 -0000 1.17
@@ -1,6 +1,6 @@
%define drupaldir %{_datadir}/drupal
Name: drupal
-Version: 6.4
+Version: 6.5
Release: 1%{?dist}
Summary: An open-source content-management platform
@@ -72,6 +72,10 @@
%dir %attr(775,root,apache) %{_localstatedir}/lib/drupal/
%changelog
+* Thu Oct 09 2008 Jon Ciesla <limb at jcomserv.net> - 6.5-1
+- Upgrade to 6.5, SA-2008-060.
+- Added notes to README and drupal.conf re CVE-2008-3661.
+
* Thu Aug 14 2008 Jon Ciesla <limb at jcomserv.net> - 6.4-1
- Upgrade to 6.4, SA-2008-047.
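Review bot: the changelog line "Added notes to README and drupal.conf re CVE-2008-3661" can be read as saying the update addresses the CVE, while the drupal.conf change in this commit ships the setting commented out. Word the entry so that it is clear the session.cookie_secure line is opt-in and has to be enabled by the administrator, for example "Added optional (commented-out) session.cookie_secure setting and README note re CVE-2008-3661".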
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-9/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sources 14 Aug 2008 12:40:01 -0000 1.13
+++ sources 9 Oct 2008 12:21:41 -0000 1.14
@@ -1 +1 @@
-497b537285ad5847c1d3cb2f98ccf88c drupal-6.4.tar.gz
+a88c561f0e61168b6ac710de55b6f91f drupal-6.5.tar.gz