Request for security bump to 7.31 and 6.33 due to DoS vulnerability. Reproducible: Always Actual Results: Drupal's xmlrpc.php is vulnerable to an XML entity expansion attack and other related XML payload attacks, which can cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to DoS. As a workaround and until an upgrade to >=7.31 or >=6.33, you can remove the xmlrpc.php file from the root of Drupal core (or add a rule to .htaccess to prevent access to xmlrpc.php) and disable the OpenID module if installed.
*** Bug 518346 has been marked as a duplicate of this bug. ***
12:59 < irker982> gentoo-x86: jmbsvicetto www-apps/drupal: Version bump - 6.33 and 7.31. Fixes bug 519244 - (SA-CORE-2014-004). Bump done and old versions dropped.
Maintainers, thanks for your work.
