Bypass "view user profiles" permission http://drupal.org/node/39356 XSS vulnerability in submitted content http://drupal.org/node/39353 XSS and HTTP header injection vulnerability with uploaded files http://drupal.org/node/39355
Please bump to 4.6.4
web-apps any news on this one?
drupal 4.6.5 is out as ebuild, but seems to be broken. maintener could close this one
Yes, borken but fixed in security PoV so closing this one. If no bug was created for fixing the 4.6.5 brokeness, please do :)