Note that this module was NOT part of Drupal core and that the amount of site using it was therefore limited (I myself never heard of it before). This is an edge case: the module was found to be badly designed and has been unpublished until the author rewrites it. This should be sorted out shortly. This case should not be generalized and in 99% of the cases, a new release is provided with the Security Announcement.

scor.

On Tue, Sep 30, 2008 at 8:39 PM, Karanbir Singh <kbsingh@centos.org> wrote:

Dag Wieers wrote:

Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?

Does the absense of such bug-reports make a solution more secure ?

well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos@irc.freenode.net
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel