Description: A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an input validation error in the privilege system and can be exploited to gain administrative privileges. Successful exploitation requires that the "Public registrations" option has been enabled. The vulnerability has been reported in versions 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2 and 4.6.0. Solution: Update to version 4.4.3, 4.5.3, or 4.6.1. http://drupal.org/project
st_lim please bump
web-apps please bump
Hi, Sorry, was away in France for a holiday. Just back. Bumping... Should see in CVS soon.
Can't see the update on CVS yet... st_lim: please keep the bug open, we'll close it when we're done. Comment when the bump is committed.
4.6.1 is in portage
alpha: please test and mark ~alpha if possible...
drupal re-keyworded. st_lim please next time follow the keywording policy. If you think the new drupal version may not work on alpha for some reason file us a bug and we'll take care of it. But _NEVER_ drop a keyword without explaining us why. Cheers, Ferdy
Then we're done.