Re: Vulnerability in multiple themes for Drupal

[Greg Knaddison <greg.knaddison () acquia com>]

/* Pardon my failure to thread this properly. I just subscribed so
future responses can be threaded properly. */

http://seclists.org/fulldisclosure/2011/Oct/22 reports vulnerabilities
in several themes based on the cumulus.swf file.

That file is not present in those themes in the format distributed
from drupal.org.

For example, http://drupalcode.org/project/danland.git/tree/refs/heads/6.x-3.x
shows there is no cumulus.swf in the danland theme which was one of
the themes listed as vulnerable by mustlive.

Since there is no vulnerability in these themes the Drupal Security
Team will not be making an announcement about them.

Regards,
Greg Knaddison, a member of the Drupal Security Team speaking my own behalf

-- 
Director Security Services
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/