Drupal is vulnerable to sql injection, drupal SA-2007-031: http://drupal.org/node/198162
added 5.5 to the tree, removed 5.4. UNstable on all arches. webapps done.
Well, according to the advisory, 5.4 was already fixed, but it's always good to have the latest version in the tree :) closing without glsa.