<div dir="ltr">Note that this module was NOT part of Drupal core and that the amount of site using it was therefore limited (I myself never heard of it before). This is an edge case: the module was found to be badly designed and has been unpublished until the author rewrites it. This should be sorted out shortly. This case should not be generalized and in 99% of the cases, a new release is provided with the Security Announcement.<br>
<br>scor.<br><br><div class="gmail_quote">On Tue, Sep 30, 2008 at 8:39 PM, Karanbir Singh <span dir="ltr"><<a href="mailto:kbsingh@centos.org" target="_blank">kbsingh@centos.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Dag Wieers wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the <a href="http://drupal.org" target="_blank">drupal.org</a> website wasent it ?<br>
</blockquote>
<br>
Does the absense of such bug-reports make a solution more secure ?<br>
</blockquote>
<br></div>
well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?<div><br>
<br>
-- <br>
Karanbir Singh<br>
CentOS Project { <a href="http://www.centos.org/" target="_blank">http://www.centos.org/</a> }<br>
irc: z00dax, #<a href="mailto:centos@irc.freenode.net" target="_blank">centos@irc.freenode.net</a><br>
_______________________________________________<br></div><div><div></div><div>
CentOS-devel mailing list<br>
<a href="mailto:CentOS-devel@centos.org" target="_blank">CentOS-devel@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-devel" target="_blank">http://lists.centos.org/mailman/listinfo/centos-devel</a><br>
</div></div></blockquote></div><br></div>