I want to make everyone aware of a security issue in the ubuntu-drupal-theme project. The old theme (6.x-brown) generated an image "on the fly" from two colors given to it. The issue happens at the point where the two colors are given. Without giving too horribly much detail, it's through this file that directory traversal is possible.

Once made aware of the issue, the Drupal security team and I worked to quickly yet effectively push the resolution to all sources. You are very highly encouraged to update your theme if you are using the old branch. The resolution was to just replace that PHP file with a static image, as nobody seems to have elected to change it anyway.

In addition, I would like to mention that the new light-drupal-theme is in a position to be used by whoever is interested.

So please, update your version of the theme ASAP. I'm sorry about any issues that occurred because of this.

--
Michael Lustfield
Kalliki Software, LLC
Network and Systems Administrator
