Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 558330 - <www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)
Summary: <www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.drupal.org/SA-CORE-2015-003
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-21 07:31 UTC by MickKi
Modified: 2015-08-25 09:16 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description MickKi 2015-08-21 07:31:45 UTC
Drupal versions <6.37 and <7.39 are affected by multiple vulnerabilities.

Reproducible: Always

Actual Results:  
The vulnerabilities will expose certain installations and configurations to XSS, SQL injection, cross-site request forgery and information disclosure.

Expected Results:  
Can you please upgrade to versions 6.37 and 7.39.

The above vulnerabilities will not affect every installation, because there can be mitigating circumstances for some installations, but upstream mark this SA as critical and recommend upgrading drupal core for v6.x and v7.x installations.

-- 
Regards,
Mick
Comment 1 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2015-08-22 13:40:28 UTC
13:38 < gentoovcs> jmbsvicetto → repo/gentoo (www-apps/drupal/, www-apps/drupal/files/) Version bump to 6.37 and 7.39 to address DRUPAL-SA-CORE-2015-003 - fixes bug 558330.
13:38 < willikins> gentoovcs: https://bugs.gentoo.org/558330 "<www-apps/drupal-{6.37,7.39}: Multiple vulnerabilities (DRUPAL-SA-CORE-2015-003)"; Gentoo Security, Vulnerabilities; CONF; michaelkintzios:security

New versions added to the tree and old versions dropped.