[SECURITY] Fedora EPEL 4 Update: drupal-5.19-1.el4

updates at fedoraproject.org
Tue Jul 7 19:59:54 UTC 2009


--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0003
2009-07-07 01:13:07
--------------------------------------------------------------------------------

Name        : drupal
Product     : Fedora EPEL 4
Version     : 5.19
Release     : 1.el4
URL         : http://www.drupal.org
Summary     : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites.  Drupal is highly
configurable, skinnable, and secure.

--------------------------------------------------------------------------------
Update Information:

When an anonymous user fails to log in due to mistyping his username or password,
and the page he is on contains a sortable table, the (incorrect) username and
password are included in links on the table. If the user visits these links, the
password may then be leaked to external sites via the HTTP referer. In addition,
if the anonymous user is enticed to visit the site via a specially crafted URL
while the Drupal page cache is enabled, a malicious user might be able to
retrieve the "incorrect" username and password from the page cache.
http://drupal.org/node/507572
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update drupal' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
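
A defender's check for the exposure described in the update information, added here as an example (it is not part of the Fedora notification or of Drupal's code): it scans combined-format access-log lines for a login password carried in a request URL or in a Referer, and reports only the parameter names, never the values. The field names `name` and `pass`, the host `cms.example` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the login form fields are called "name" and "pass";
# the notification itself does not name the parameters.
CRED_PARAMS = {"name", "pass"}

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2009:10:00:01 +0000] "GET /forum?sort=asc&order=Topic&name=alice&pass=EXAMPLE HTTP/1.1" 200 5120 "http://cms.example/forum" "Mozilla/5.0"',
    '192.0.2.10 - - [07/Jul/2009:10:00:09 +0000] "GET /node/1 HTTP/1.1" 200 2048 "http://cms.example/forum?sort=asc&order=Topic&name=alice&pass=EXAMPLE" "Mozilla/5.0"',
    '192.0.2.11 - - [07/Jul/2009:10:01:00 +0000] "GET /search?name=bob HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [07/Jul/2009:10:02:00 +0000] "GET /forum?sort=desc&order=Replies HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

def leaked_params(url):
    """Return the credential parameter names present in a URL's query string."""
    names = {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    # A password in a URL is the finding; "name" alone is too common to flag.
    return sorted(names & CRED_PARAMS) if "pass" in names else []

def scan(lines):
    """Return (time, client, field, params) for each log field exposing a password."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        for field in ("target", "referer"):
            params = leaked_params(m.group(field))
            if params:
                findings.append((m.group("time"), m.group("host"), field, params))
    return findings

if __name__ == "__main__":
    for time, host, field, params in scan(SAMPLE_LOG):
        print(f"{time} {host}: {'/'.join(params)} present in {field}")
```

A hit in `target` means the credentials reached the server's own logs and any cache keyed on the URL; a hit in `referer` shows the same URL being passed along on a later request, which is how it would reach an external site.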


More information about the epel-package-announce mailing list