Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 525514 (CVE-2014-3704) - <www-apps/drupal-7.32: SQL injection (SA-CORE-2014-005) (CVE-2014-3704)
Summary: <www-apps/drupal-7.32: SQL injection (SA-CORE-2014-005) (CVE-2014-3704)
Status: RESOLVED FIXED
Alias: CVE-2014-3704
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.drupal.org/SA-CORE-2014-005
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-15 17:51 UTC by MickKi
Modified: 2014-11-08 21:22 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description MickKi 2014-10-15 17:51:24 UTC
Please update the tree with version 7.32, due to a critical SQL injection vulnerability with previous versions.

Reproducible: Always




There is also a mysql patch offered for site installations that cannot be updated immediately:

https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch

-- 
Regards,
Mick
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2014-10-17 13:04:02 UTC
13:03 < irker043> gentoo-x86: jmbsvicetto www-apps/drupal: Bump to release 7.32 - fixes bug 525514 (CVE-2014-3704)

7.32 is now in the tree and 7.31 was dropped.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-11-08 21:21:33 UTC
Thank you for the report and version bump. 

No stable version, so no glsa. Closing as fixed.