Bug 558330

Summary: <www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)
Product: Gentoo Security Reporter: MickKi <confabulate>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.drupal.org/SA-CORE-2015-003
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description MickKi 2015-08-21 07:31:45 UTC
Drupal versions <6.37 and <7.39 are affected by multiple vulnerabilities.

Reproducible: Always

Actual Results:  
The vulnerabilities will expose certain installations and configurations to XSS, SQL injection, cross-site request forgery and information disclosure.

Expected Results:  
Can you please upgrade to versions 6.37 and 7.39?

The above vulnerabilities will not affect every installation, because there can be mitigating circumstances for some installations, but upstream mark this SA as critical and recommend upgrading drupal core for v6.x and v7.x installations.

-- 
Regards,
Mick
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2015-08-22 13:40:28 UTC
13:38 < gentoovcs> jmbsvicetto → repo/gentoo (www-apps/drupal/, www-apps/drupal/files/) Version bump to 6.37 and 7.39 to address DRUPAL-SA-CORE-2015-003 - fixes bug 558330.
13:38 < willikins> gentoovcs: https://bugs.gentoo.org/558330 "<www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)"; Gentoo Security, Vulnerabilities; CONF; michaelkintzios:security

New versions added to the tree and old versions dropped.