drupal.org - Security update

nodequeue 5.x-2.8

ezra-g — Wed, 08 Jul 2009 15:09:07 +0000

Official release from CVS tag: DRUPAL-5--2-8
First released: July 8, 2009 - 15:09

Download: nodequeue-5.x-2.8.tar.gz
Size: 45.6 KB
md5_file hash: f13116f0d2165aaf37ba25c961263223
Last updated: July 8, 2009 - 15:11

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--2-8
First released: July 8, 2009 - 15:09

Download: nodequeue-5.x-2.8.tar.gz
Size: 45.6 KB
md5_file hash: f13116f0d2165aaf37ba25c961263223
Last updated: July 8, 2009 - 15:11

View usage statistics for this release

SA-CONTRIB-2009-041

nodequeue 6.x-2.3

ezra-g — Wed, 08 Jul 2009 15:08:00 +0000

Official release from CVS tag: DRUPAL-6--2-3
First released: July 8, 2009 - 15:08

Download: nodequeue-6.x-2.3.tar.gz
Size: 380.97 KB
md5_file hash: dcfb0fb01e929f54e626a5f7a178b7a6
Last updated: July 8, 2009 - 15:11

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--2-3
First released: July 8, 2009 - 15:08

Download: nodequeue-6.x-2.3.tar.gz
Size: 380.97 KB
md5_file hash: dcfb0fb01e929f54e626a5f7a178b7a6
Last updated: July 8, 2009 - 15:11

View usage statistics for this release

SA-CONTRIB-2009-041

Bugs Fixed:
bug #490130 by ezra-g: array_shift error on nodequeue_view_random_node
bug #483204 by wulff and nrambeck: Queue Manipulation callbacks not updated from Drupal 5

Drupal 5.19

drumm — Wed, 01 Jul 2009 20:56:51 +0000

Official release from CVS tag: DRUPAL-5-19
First released: July 1, 2009 - 20:56

Download: drupal-5.19.tar.gz
Size: 748.86 KB
md5_file hash: d5e3dbcfd3e7f7ef431dada57a6c846e
Last updated: July 1, 2009 - 21:01

View usage statistics for this release

Official release from CVS tag: DRUPAL-5-19
First released: July 1, 2009 - 20:56

Download: drupal-5.19.tar.gz
Size: 748.86 KB
md5_file hash: d5e3dbcfd3e7f7ef431dada57a6c846e
Last updated: July 1, 2009 - 21:01

View usage statistics for this release

The nineteenth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

SA-CORE-2009-007 Drupal core - Multiple vulnerabilities

drupal 6.13

Gábor Hojtsy — Wed, 01 Jul 2009 20:54:20 +0000

Official release from CVS tag: DRUPAL-6-13
First released: July 1, 2009 - 20:54

Download: drupal-6.13.tar.gz
Size: 1.03 MB
md5_file hash: 76dcb6e311fbb98ca3322fd1413f4a04
Last updated: July 1, 2009 - 20:55

View usage statistics for this release

Official release from CVS tag: DRUPAL-6-13
First released: July 1, 2009 - 20:54

Download: drupal-6.13.tar.gz
Size: 1.03 MB
md5_file hash: 76dcb6e311fbb98ca3322fd1413f4a04
Last updated: July 1, 2009 - 20:55

View usage statistics for this release

The thirteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.12 release:

- Patch #463450 by wulff: fixed documentation glitch.
#193577 by Rob Loach, Damien Tournoud, andypost: JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
#454992 by sun, bengtan: _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
#452704 by andypost, catch: Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.

advanced_forum 5.x-1.1

Michelle — Wed, 01 Jul 2009 20:31:08 +0000

Official release from CVS tag: DRUPAL-5--1-1
First released: July 1, 2009 - 20:31

Download: advanced_forum-5.x-1.1.tar.gz
Size: 226.26 KB
md5_file hash: 62e84a79317466263bab08f54f856b0c
Last updated: July 1, 2009 - 20:35

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--1-1
First released: July 1, 2009 - 20:31

Download: advanced_forum-5.x-1.1.tar.gz
Size: 226.26 KB
md5_file hash: 62e84a79317466263bab08f54f856b0c
Last updated: July 1, 2009 - 20:35

View usage statistics for this release

Fixes SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities.

Other changes since 1.0:
#422652 by NeoID: Closed tag on break in advanced_forum-forum-legend.tpl.php

advanced_forum 6.x-1.1

Michelle — Wed, 01 Jul 2009 20:12:08 +0000

Official release from CVS tag: DRUPAL-6--1-1
First released: July 1, 2009 - 20:12

Download: advanced_forum-6.x-1.1.tar.gz
Size: 193.07 KB
md5_file hash: f8bf2481a5eeab334dc141aa6f878547
Last updated: July 1, 2009 - 20:15

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-1
First released: July 1, 2009 - 20:12

Download: advanced_forum-6.x-1.1.tar.gz
Size: 193.07 KB
md5_file hash: f8bf2481a5eeab334dc141aa6f878547
Last updated: July 1, 2009 - 20:15

View usage statistics for this release

Fixes SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities.

Other changes since 1.0:
#485700 by tjodolv: Changed clear on br to clear-block in legend.
#490972 by Jessica123: Added buttons for French.
#460734 by moviemaniac: added Italian translation.
#460734 by MGParisi: Minor fix to .pot as well as removing an extra space in a translated string.
#471510 by wulff: Added Danish translation.
#422652 by NeoID: Closed tag on break in advanced_forum-forum-legend.tpl.php

links 6.x-1.2

syscrusher — Wed, 24 Jun 2009 21:49:50 +0000

Official release from CVS tag: DRUPAL-6--1-2
First released: June 24, 2009 - 21:49

Download: links-6.x-1.2.tar.gz
Size: 657.58 KB
md5_file hash: 08bd269d60d8b0adab451d7f6c7b44d9
Last updated: June 24, 2009 - 21:51

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-2
First released: June 24, 2009 - 21:49

Download: links-6.x-1.2.tar.gz
Size: 657.58 KB
md5_file hash: 08bd269d60d8b0adab451d7f6c7b44d9
Last updated: June 24, 2009 - 21:51

View usage statistics for this release

Corrected unchecked title text field (security).

links 5.x-1.13

syscrusher — Wed, 24 Jun 2009 21:45:00 +0000

Official release from CVS tag: DRUPAL-5--1-13
First released: June 24, 2009 - 21:45

Download: links-5.x-1.13.tar.gz
Size: 169.85 KB
md5_file hash: 87e0c742a368e23745292156adb0177d
Last updated: June 24, 2009 - 21:46

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--1-13
First released: June 24, 2009 - 21:45

Download: links-5.x-1.13.tar.gz
Size: 169.85 KB
md5_file hash: 87e0c742a368e23745292156adb0177d
Last updated: June 24, 2009 - 21:46

View usage statistics for this release

Fixed an unchecked title text field (security vulnerability).

nodequeue 5.x-2.7

ezra-g — Wed, 10 Jun 2009 22:26:31 +0000

Official release from CVS tag: DRUPAL-5--2-7
First released: June 10, 2009 - 22:26

Download: nodequeue-5.x-2.7.tar.gz
Size: 43.77 KB
md5_file hash: ea364fc1c059a5d9443a4d1f8bc92a7a
Last updated: June 10, 2009 - 22:31

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--2-7
First released: June 10, 2009 - 22:26

Download: nodequeue-5.x-2.7.tar.gz
Size: 43.77 KB
md5_file hash: ea364fc1c059a5d9443a4d1f8bc92a7a
Last updated: June 10, 2009 - 22:31

View usage statistics for this release

This release fixes Security vulnerabilities from #488092 SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities.

nodequeue 6.x-2.2

ezra-g — Wed, 10 Jun 2009 22:25:40 +0000

Official release from CVS tag: DRUPAL-6--2-2
First released: June 10, 2009 - 22:25

Download: nodequeue-6.x-2.2.tar.gz
Size: 380.93 KB
md5_file hash: 8ec3d5c14f9adfadb416e54be3ccf407
Last updated: June 10, 2009 - 22:31

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--2-2
First released: June 10, 2009 - 22:25

Download: nodequeue-6.x-2.2.tar.gz
Size: 380.93 KB
md5_file hash: 8ec3d5c14f9adfadb416e54be3ccf407
Last updated: June 10, 2009 - 22:31

View usage statistics for this release

This release contains fixes for the Security Advisory #488092 SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities.

New Features:
#310177: Nodequeue web service - propose including in the nodequeue package

Bugs Fixed:
#467178: Queue doesn't load unpublished nodes
#473142: bypass_cache in nodequeue_load_queues() doesn't behave as expected
#461516: Nodequeue Generate generates out of bound positions.
#473074: nodequeue_queue_access() ignores passed in $account
#468178: Subqueue count displays incorrectly after adding a node on nodequeue tab
#446452: nodequeue_load_x functions should return data in a uniform format

views 6.x-2.6

merlinofchaos — Wed, 10 Jun 2009 22:09:46 +0000

Official release from CVS tag: DRUPAL-6--2-6
First released: June 10, 2009 - 22:09

Download: views-6.x-2.6.tar.gz
Size: 1.46 MB
md5_file hash: a39827a5430373ab8508f2773b0bc6ea
Last updated: June 10, 2009 - 22:11

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--2-6
First released: June 10, 2009 - 22:09

Download: views-6.x-2.6.tar.gz
Size: 1.46 MB
md5_file hash: a39827a5430373ab8508f2773b0bc6ea
Last updated: June 10, 2009 - 22:11

View usage statistics for this release

Bugs fixed

#419226 by kelvincool: Respect admin theme during views ajax operations.
#419270 by voxpelli: set_where_group() could fail if no previous groups.
#422054 by yhahn: Protect exports from impropertly indenting multiline strings.
#437070 by mikeryan: Base table formerly limited to 32 characters.
#317271 by quicksketch: ensure_my_table() limited to one relationship per table.
#441520 by jonathan1055: Allow the "time ago" date format to work on future dates as well.
#445398 by casey: reduce_value_options() using wrong value array.
#451370 by skwashd: base.js had some DOS line endings.
#454754 by dww: Fix PGSQL related errors with comment author filtering.
#384286 by dww: Make it possible to expose the filter for "Node: Has new content"

booktree 5.x-7.3

Heine — Wed, 10 Jun 2009 17:49:09 +0000

Official release from CVS tag: DRUPAL-5--7-3
First released: June 10, 2009 - 17:49

Download: booktree-5.x-7.3.tar.gz
Size: 7.8 KB
md5_file hash: f8c7b90b3ccdb2a6a580bc23442d0395
Last updated: June 10, 2009 - 17:50

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--7-3
First released: June 10, 2009 - 17:49

Download: booktree-5.x-7.3.tar.gz
Size: 7.8 KB
md5_file hash: f8c7b90b3ccdb2a6a580bc23442d0395
Last updated: June 10, 2009 - 17:50

View usage statistics for this release

Fix for SA-CONTRIB-2009-035 - Booktree - Cross site scripting.

services 6.x-0.14

marcingy — Wed, 10 Jun 2009 17:22:08 +0000

Official release from CVS tag: DRUPAL-6--0-14
First released: June 10, 2009 - 17:22

Download: services-6.x-0.14.tar.gz
Size: 22.51 KB
md5_file hash: bc68d64b215ba1fa1e2e9d01a9fe110e
Last updated: June 10, 2009 - 17:26

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--0-14
First released: June 10, 2009 - 17:22

Download: services-6.x-0.14.tar.gz
Size: 22.51 KB
md5_file hash: bc68d64b215ba1fa1e2e9d01a9fe110e
Last updated: June 10, 2009 - 17:26

View usage statistics for this release

This fixes a security issue with services and the ability to access keys when key auth is enabled.

See http://drupal.org/node/488004

taxonomy_manager 5.x-1.2

mh86 — Wed, 10 Jun 2009 15:40:12 +0000

Official release from CVS tag: DRUPAL-5--1-2
First released: June 10, 2009 - 15:40

Download: taxonomy_manager-5.x-1.2.tar.gz
Size: 47.52 KB
md5_file hash: e96667b4e85f3b077cfeff99a62c13ec
Last updated: June 10, 2009 - 15:42

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--1-2
First released: June 10, 2009 - 15:40

Download: taxonomy_manager-5.x-1.2.tar.gz
Size: 47.52 KB
md5_file hash: e96667b4e85f3b077cfeff99a62c13ec
Last updated: June 10, 2009 - 15:42

View usage statistics for this release

Security Update - fixing multiple XSS vulnerabilities:

* Vocabulary name was displayed unfiltered
* Synonyms displayed unfiltered on term data detail page
* Parent and related terms displayed unfiltered on term data detail page
* Term names might have been unfiltered when using taxonomy tree form element in other modules (e.g. content taxonomy tree widget)

taxonomy_manager 6.x-1.1

mh86 — Wed, 10 Jun 2009 15:37:57 +0000

Official release from CVS tag: DRUPAL-6--1-1
First released: June 10, 2009 - 15:37

Download: taxonomy_manager-6.x-1.1.tar.gz
Size: 58.06 KB
md5_file hash: 2e841d8f6085e3e0452b1dff62859b98
Last updated: June 10, 2009 - 15:42

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-1
First released: June 10, 2009 - 15:37

Download: taxonomy_manager-6.x-1.1.tar.gz
Size: 58.06 KB
md5_file hash: 2e841d8f6085e3e0452b1dff62859b98
Last updated: June 10, 2009 - 15:42

View usage statistics for this release

Security Update - fixing multiple XSS vulnerabilities:

* Vocabulary name was displayed unfiltered
* Synonyms displayed unfiltered on term data detail page
* Term names might have been unfiltered when using taxonomy tree form element in other modules (e.g. content taxonomy tree widget)

quiz 6.x-3.0

mbutcher — Wed, 03 Jun 2009 20:04:59 +0000

Official release from CVS tag: DRUPAL-6--3-0
First released: June 3, 2009 - 20:04

Download: quiz-6.x-3.0.tar.gz
Size: 115.3 KB
md5_file hash: fc300185b156b7d6e81a67104bbd189a
Last updated: June 3, 2009 - 20:06

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--3-0
First released: June 3, 2009 - 20:04

Download: quiz-6.x-3.0.tar.gz
Size: 115.3 KB
md5_file hash: fc300185b156b7d6e81a67104bbd189a
Last updated: June 3, 2009 - 20:06

View usage statistics for this release

This is the final release for Quiz 3.0. Since Beta 1, the changes have been focused on addressing "SA-CONTRIB-2009-033 - fix multiple XSS vulnerabilities".

See details at http://drupal.org/node/481308

quiz 6.x-2.2

mbutcher — Wed, 03 Jun 2009 20:03:18 +0000

Official release from CVS tag: DRUPAL-6--2-2
First released: June 3, 2009 - 20:03

Download: quiz-6.x-2.2.tar.gz
Size: 47.44 KB
md5_file hash: 14eda4efda7686927f68017e4fd9d038
Last updated: June 3, 2009 - 20:06

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--2-2
First released: June 3, 2009 - 20:03

Download: quiz-6.x-2.2.tar.gz
Size: 47.44 KB
md5_file hash: 14eda4efda7686927f68017e4fd9d038
Last updated: June 3, 2009 - 20:06

View usage statistics for this release

This is a security release to address "SA-CONTRIB-2009-033 - fix multiple XSS vulnerabilities"

See details at http://drupal.org/node/481308

webform 5.x-2.7

quicksketch — Wed, 03 Jun 2009 19:57:47 +0000

Official release from CVS tag: DRUPAL-5--2-7
First released: June 3, 2009 - 19:57

Download: webform-5.x-2.7.tar.gz
Size: 212.26 KB
md5_file hash: 6163617e661d512ce2942c523d1fe326
Last updated: June 3, 2009 - 20:03

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--2-7
First released: June 3, 2009 - 19:57

Download: webform-5.x-2.7.tar.gz
Size: 212.26 KB
md5_file hash: 6163617e661d512ce2942c523d1fe326
Last updated: June 3, 2009 - 20:03

View usage statistics for this release

This is a maintenance release of Webform, fixing a few small bugs and a cross site scripting security fix. Upgrading is recommended for all Webform users.

Bug Fixes:
#374989: Re-ordering doesn't take

webform 6.x-2.7

quicksketch — Wed, 03 Jun 2009 19:56:30 +0000

Official release from CVS tag: DRUPAL-6--2-7
First released: June 3, 2009 - 19:56

Download: webform-6.x-2.7.tar.gz
Size: 248.98 KB
md5_file hash: 7bd1634ec1e4ac2393cbda7fa2fc6eec
Last updated: June 3, 2009 - 19:57

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--2-7
First released: June 3, 2009 - 19:56

Download: webform-6.x-2.7.tar.gz
Size: 248.98 KB
md5_file hash: 7bd1634ec1e4ac2393cbda7fa2fc6eec
Last updated: June 3, 2009 - 19:57

View usage statistics for this release

This is a maintenance release of Webform, fixing a few small bugs and a cross site scripting security fix. Upgrading is recommended for all Webform users.

Bug Fixes:
#374989: Re-ordering doesn't take

menu_stp 6.x-1.1

rwohleb — Wed, 27 May 2009 02:29:29 +0000

Official release from CVS tag: DRUPAL-6--1-1
First released: May 27, 2009 - 02:29

Download: menu_stp-6.x-1.1.tar.gz
Size: 10.61 KB
md5_file hash: 1f990d3d5009b10ddc14a9b2d4715d96
Last updated: May 27, 2009 - 02:30

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-1
First released: May 27, 2009 - 02:29

Download: menu_stp-6.x-1.1.tar.gz
Size: 10.61 KB
md5_file hash: 1f990d3d5009b10ddc14a9b2d4715d96
Last updated: May 27, 2009 - 02:30

View usage statistics for this release

This is the first official release of menu_stp.

This release fixes security issues in how the module handles user input.

email_verify 6.x-1.2

killes@www.drop.org — Wed, 20 May 2009 19:57:43 +0000

Official release from CVS tag: DRUPAL-6--1-2
First released: May 20, 2009 - 19:57

Download: email_verify-6.x-1.2.tar.gz
Size: 11.75 KB
md5_file hash: 4e2e774048e2ecef2611372b410b20f1
Last updated: May 20, 2009 - 20:01

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-2
First released: May 20, 2009 - 19:57

Download: email_verify-6.x-1.2.tar.gz
Size: 11.75 KB
md5_file hash: 4e2e774048e2ecef2611372b410b20f1
Last updated: May 20, 2009 - 20:01

View usage statistics for this release

SA-CONTRIB-2009-030

email_verify 5.x-2.1

killes@www.drop.org — Wed, 20 May 2009 19:56:42 +0000

Official release from CVS tag: DRUPAL-5--2-1
First released: May 20, 2009 - 19:56

Download: email_verify-5.x-2.1.tar.gz
Size: 11.17 KB
md5_file hash: 2367e8408e0f179a978902b5de8def22
Last updated: May 20, 2009 - 20:01

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--2-1
First released: May 20, 2009 - 19:56

Download: email_verify-5.x-2.1.tar.gz
Size: 11.17 KB
md5_file hash: 2367e8408e0f179a978902b5de8def22
Last updated: May 20, 2009 - 20:01

View usage statistics for this release

SA-CONTRIB-2009-030

views_bulk_operations 5.x-1.4

kratib — Wed, 20 May 2009 18:56:15 +0000

Official release from CVS tag: DRUPAL-5--1-4
First released: May 20, 2009 - 18:56

Download: views_bulk_operations-5.x-1.4.tar.gz
Size: 18.16 KB
md5_file hash: 02dd4a0f31692e1d7555f8b32d94a621
Last updated: May 20, 2009 - 19:02

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--1-4
First released: May 20, 2009 - 18:56

Download: views_bulk_operations-5.x-1.4.tar.gz
Size: 18.16 KB
md5_file hash: 02dd4a0f31692e1d7555f8b32d94a621
Last updated: May 20, 2009 - 19:02

View usage statistics for this release

SECURITY FIX:
* Added node_access() check to prevent unauthorized users from modifying nodes

BUG FIXES:
* Removed single action special case and pre-selected single action in dropdown
* Fixed inclusion of local VBO actions

views_bulk_operations 6.x-1.7

kratib — Wed, 20 May 2009 18:53:56 +0000

Official release from CVS tag: DRUPAL-6--1-7
First released: May 20, 2009 - 18:53

Download: views_bulk_operations-6.x-1.7.tar.gz
Size: 28.67 KB
md5_file hash: 7f416fe95d84c693d0bd8bab4d1138f8
Last updated: May 20, 2009 - 18:56

View usage statistics for this release

Official release from CVS tag: DRUPAL-6--1-7
First released: May 20, 2009 - 18:53

Download: views_bulk_operations-6.x-1.7.tar.gz
Size: 28.67 KB
md5_file hash: 7f416fe95d84c693d0bd8bab4d1138f8
Last updated: May 20, 2009 - 18:56

View usage statistics for this release

SECURITY FIX:
* Added node_access checks to prevent unauthorized users from modifying nodes

BUG FIXES:
* Heavy refactoring and fixing regression with Job Queue support
* Fixed support for cron actions in actions permissions
* Fixed regression with node saving

NEW FEATURES:
* Added support for 'aggregate' attribute
* Added {node,user}_operations support to actions_permissions

menu_stp 5.x-1.0

rwohleb — Wed, 20 May 2009 18:00:51 +0000

Official release from CVS tag: DRUPAL-5--1-0
First released: May 20, 2009 - 18:00

Download: menu_stp-5.x-1.0.tar.gz
Size: 10.24 KB
md5_file hash: 01e50e9711048d4168dde278099bfb94
Last updated: May 20, 2009 - 18:05

View usage statistics for this release

Official release from CVS tag: DRUPAL-5--1-0
First released: May 20, 2009 - 18:00

Download: menu_stp-5.x-1.0.tar.gz
Size: 10.24 KB
md5_file hash: 01e50e9711048d4168dde278099bfb94
Last updated: May 20, 2009 - 18:05

View usage statistics for this release

This is the first official release of menu_stp.

This release fixes security issues in how the module handles user input.