Site Navigation:
security drupal6-6.27-1.el5, drupal7-7.18-1.el5 security update
Status:stable
Release: Fedora EPEL 5
Update ID: FEDORA-EPEL-2012-13816
Builds: drupal6-6.27-1.el5 (logs)
drupal7-7.18-1.el5 (logs)
Pushed: True
Date Submitted: 2012-12-20 12:57:39
Date Released: 2012-12-20 23:53:52
Submitter: limb
Karma: 0
Details

Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple vulnerabilities:

1) Access bypass (User module search - Drupal 6 and 7) 2) Access bypass (Upload module - Drupal 6) 3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)

CVEs have been requested and are not yet assigned.

These flaws have been fixed in Drupal 6.27 and 7.18.

[1] http://drupal.org/SA-CORE-2012-004

Bugs Fixed
888990 - CVE-2012-5651: CVE-2012-5652 CVE-2012-5653 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
888991 - drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [fedora-all]
888992 - drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [epel-all]
888993 - drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [fedora-all]
888994 - drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [epel-all]
Feedback
bodhi - 2012-12-20 12:58:13
This update has been submitted for testing by limb.
bodhi - 2012-12-20 22:56:55
This update is currently being pushed to the Fedora EPEL 5 testing updates repository.
bodhi - 2012-12-21 00:31:59
This update has been pushed to testing
bodhi - 2013-01-04 10:06:41
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-01-04 13:59:18
This update has been submitted for stable by limb.
bodhi - 2013-01-04 17:51:57
This update is currently being pushed to the Fedora EPEL 5 stable updates repository.
bodhi - 2013-01-04 19:43:19
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters