From official site: http://drupal.org/node/345441 And Secunia: http://secunia.com/Advisories/33112/ Drupal Team already released 6.8 and 5.14, i think we just need a version bump, so i'm putting [ebuild] keyword. I'm also putting ~2 because, from Secunia: 2) The application does not completely remove deleted input formats. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Thanks for the report. However, "execute arbitrary HTML and script code" is ~4; ~2 would be execution of arbitrary shell code.
Ok, changing it to ~4. Peter already uploaded 6.7 and 5.13 ebuilds to CVS.
yay... noglsa!