Bug 1159108
| Summary: | drupal 7.32 upgrade | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | kc8hfi |
| Component: | drupal7 | Assignee: | Shawn Iwinski <shawn> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | el6 | CC: | gwync, hello, jsmith.fedora, shawn, stickster |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | drupal7-7.32-1.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-01 22:32:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
kc8hfi
2014-10-31 01:42:56 UTC
7.32 fixes CVE-2014-3704. Here is the description of that cve: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users. drupal7-7.32-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6 Thanks for the report. Drupal 7.32 was packaged and put into the release process the same day SA-CORE-2014-005 was announced (Oct 15 2014). It is currently available in the testing repository but requires either 2 weeks in that repo or +3 karma to be pushed to stable. You can verify this by running "yum info --enablerepo=epel-testing drupal7". From my date calculations, the 2 weeks is today! As soon as the release tool alerts us that we can push it to stable we will do so. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6 drupal7-7.32-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |