Bug 192464

Summary: Drupal security update (SA-CORE-2014-004)
Product: Ports & Packages Reporter: logan
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Some People CC: simon.wright
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description logan 2014-08-07 07:48:18 UTC 
Drupal has issued a security advisory for a Denial of Service attack that can be done using XMLRPC.
Comment 1 John Marino freebsd_committer freebsd_triage 2014-08-07 08:22:18 UTC 
www/drupal6 ?
www/drupal7 ?

Can you explicitly specify which ports are affected?
Comment 2 John Marino freebsd_committer freebsd_triage 2014-08-07 08:24:17 UTC 
also: the maintainer of both is on vacation.
If you want somebody else to do it before he gets back, you need to provide a real patch.
Comment 3 John Marino freebsd_committer freebsd_triage 2014-08-09 12:02:40 UTC 
Moving to "OPEN".  miwi@, the maintainer, is on vacation.  Submitter promised a patch but it's not here yet.
Comment 4 Simon Wright 2014-10-11 10:02:22 UTC 
Patch is available under https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193423
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2014-10-17 20:15:19 UTC 
Committed as part of 193423.