Re: Security support for CMSes

[Robert Pommrich <LeProvokateur@gmx.de>]

Hi,

Am 07.10.2012 12:19, schrieb Peter Viskup:
> Hello everybody,
> I am using Drupal6 from Debian repositories as I thought that Debian is
> taking care of the security fixes and therefore I do not have to take
> care too much.
> Unfortunately one of my sites was cracked and there were none of
> security fixes released in June 2012 by Drupal community backported to
> main release till today. The only 'fixed' version of Drupal6 is
> available on backports.debian.org.
> Do you use Debian versions of CMSes?
> Are you continuously checking the main releases and checking the states
> of Debian packages?
> What are your proposals for running any CMS available in Debian
> repositories?
> Does somebody have similar experience from the past or with another CMS
> from Debian repositories?

you should address the issue to the maintainer luigi@debian.org,
and the security team [1] (security@debian.org or
team@security.debian.org), which I put in CC.

Looking at

http://security-tracker.debian.org/tracker/status/release/stable

there are 2 issues which are not fixed in the current stable version of
drupal6. Perhaps the maintainer and/or the security team overlooked them.

[1] http://www.debian.org/security/faq#contact

Robert
> Thank you.
> 
> Best regards,
> -- 
> Peter Viskup
> 
>