Drupal versions <6.37 and <7.39 are affected by multiple vulnerabilities. Reproducible: Always Actual Results: The vulnerabilities will expose certain installations and configurations to XSS, SQL injection, cross-site request forgery and information disclosure. Expected Results: Can you please upgrade to versions 6.37 and 7.39. The above vulnerabilities will not affect every installation, because there can be mitigating circumstances for some installations, but upstream mark this SA as critical and recommend upgrading drupal core for v6.x and v7.x installations. -- Regards, Mick
13:38 < gentoovcs> jmbsvicetto → repo/gentoo (www-apps/drupal/, www-apps/drupal/files/) Version bump to 6.37 and 7.39 to address DRUPAL-SA-CORE-2015-003 - fixes bug 558330. 13:38 < willikins> gentoovcs: https://bugs.gentoo.org/558330 "<www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)"; Gentoo Security, Vulnerabilities; CONF; michaelkintzios:security New versions added to the tree and old versions dropped.
