[ubuntu-web] Security Issue with ubuntu-drupal-theme

Matthew Nuzum newz at bearfruit.org
Wed Oct 20 22:48:17 BST 2010


Michael, thanks for helping to correct and publicize this issue in a
responsible way.

Those who use the ubuntu theme, please do the update. It looks like a very
quick easy fix. If you need help, hop onto #ubuntu-website in IRC.

On Wed, Oct 20, 2010 at 4:11 PM, Michael Lustfield
<mtecknology at ubuntu.com> wrote:

> I want to make everyone aware of a security issue that resulted in the
> ubuntu-drupal-theme project. The old theme (6.x-brown) generated an
> image "on the fly" from two colors given to it. The issue happens at
> the point where the two colors are given. Without giving too horribly
> much detail, it's through this file that directory traversal is
> possible.
>
> Once made aware of the issue the Drupal security and I worked to
> quickly yet effectively push the resolution to all sources.
>
> You are very highly encouraged to update your theme if you are using
> the old branch. The resolution was to just replace that PHP file with a
> static image as nobody seems to have elected changing it anyway.
>
> In addition, I would like to mention that the new light-drupal-theme is
> in a position to be used by whoever is interested.
>
> So please, update your version of the theme asap. I'm sorry about any
> issues that occurred because of this.
> --
> Michael Lustfield
> Kalliki Software, LLC
>
> Network and Systems Administrator



-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter

"An investment in knowledge pays the best interest." -Benjamin Franklin