Overlooked it was not sent to debian-user list.

-------- Original Message --------
Hello Nico,

On 10/07/2012 08:25 PM, Nico Golde wrote:
> Hi,
> Providing security updates for packages in Debian is still based on voluntary
> work. Therefore it can happen sometimes that either a security fix is
> overlooked or no person has committed to provide/release an updated package.
> The latter probably applies in this case.

I fully agree on that, understand that and am thankful to everybody working on the Debian project.

> Can you further specify what exactly you mean by cracked? This would be
> interesting as even though two CVE ids are marked as unfixed in stable, none
> of the issues qualifies for example to execute code on a remote drupal
> installation.

I do not know what security issue was used to crack my site - they used some Drupal weakness to create some PHP files in the Drupal install dir remotely and without getting SFTP access. I had a look at the state of the drupal6 package just after and noticed there are some critical bugfixes not backported to the stable branch. That's all at the very moment.

--
Peter