A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "taxonomy_select_nodes()" function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that a module that passes unsanitised data to "taxonomy_select_nodes()" is installed. Some of these modules are:

* taxonomy_menu
* ajaxLoader
* ubrowser

Solution: Update to version 5.4.

Reproducible: Always
maintainers - please provide an updated ebuild
Adding Roy since he is the primary maintainer.
I retired :P
Ah, okay. I was already wondering why uberlord@gentoo.org didn't work. But I believed our dev list which obviously didn't get updated yet. Thanks for the note. Will take it then.
drupal-5.4 is in the tree. The ebuild is unstable on all arches. The insecure versions were removed. webapps done here.
thanks, closing without glsa.