Michael, thanks for helping to correct and publicize this issue in a responsible way.
Those who use the ubuntu theme, please do the update. It looks like a very quick easy fix. If you need help, hop onto #ubuntu-website in IRC.

On Wed, Oct 20, 2010 at 4:11 PM, Michael Lustfield <[email protected]> wrote:
> I want to make everyone aware of a security issue that resulted in the
> ubuntu-drupal-theme project. The old theme (6.x-brown) generated an
> image "on the fly" from two colors given to it. The issue happens at
> the point where the two colors are given. Without giving too horribly
> much detail, it's through this file that directory traversal is
> possible.
>
> Once made aware of the issue the Drupal security and I worked to
> quickly yet effectively push the resolution to all sources.
>
> You are very highly encouraged to update your theme if you are using
> the old branch. The resolution was to just replace that PHP file with a
> static image as nobody seems to have elected changing it anyway.
>
> In addition, I would like to mention that the new light-drupal-theme is
> in a position to be used by whoever is interested.
>
> So please, update your version of the theme asap. I'm sorry about any
> issues that occurred because of this.
> --
> Michael Lustfield
> Kalliki Software, LLC
>
> Network and Systems Administrator
>
> --
> Ubuntu-website mailing list
> [email protected]
> https://lists.canonical.com/mailman/listinfo/ubuntu-website
>

--
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter

"An investment in knowledge pays the best interest." -Benjamin Franklin
--
loco-contacts mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/loco-contacts
