Bug 1033758 - CVE-2013-6385 CVE-2013-6386 CVE-2013-6387 CVE-2013-6388 CVE-2013-6389 drupal: multiple vulnerabilities corrected in 6.29 and 7.24 (SA-CORE-2013-003)
Keywords:
Status: CLOSED DUPLICATE of bug 1032973
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1032974 1032975 1032976 1032977 1033759 1033760 1033761 1033762
Blocks:
Reported: 2013-11-22 19:37 UTC by Vincent Danen
Modified: 2021-02-17 07:08 UTC

Fixed In Version: drupal 6.29, drupal 7.24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-27 17:07:06 UTC
Embargoed:



Description Vincent Danen 2013-11-22 19:37:17 UTC
Drupal 6.29 and 7.24 were released November 20th, and with them SA-CORE-2013-003, which describes the following:

Affecting both Drupal 6.x and 7.x:

* Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7)
* Multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() (Form API, OpenID and random password generation - Drupal 6 and 7)
* Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)
* Access bypass (Security token validation - Drupal 6 and 7)

Affecting only Drupal 7.x:

* Cross-site scripting (Image module - Drupal 7)
* Cross-site scripting (Color module - Drupal 7)
* Open redirect (Overlay module - Drupal 7)

CVEs have not yet been assigned.


External Reference:

https://drupal.org/SA-CORE-2013-003

Comment 1 Vincent Danen 2013-11-22 19:38:54 UTC
Created drupal7 tracking bugs for this issue:

Affects: fedora-all [bug 1033761]
Affects: epel-all [bug 1033762]

Comment 2 Vincent Danen 2013-11-22 19:39:10 UTC
Created drupal6 tracking bugs for this issue:

Affects: fedora-all [bug 1033759]
Affects: epel-all [bug 1033760]

Comment 3 Agostino Sarubbo 2013-11-25 10:42:18 UTC
Duplicate of 1032973?

Comment 4 Peter Borsa 2013-11-27 17:07:06 UTC

*** This bug has been marked as a duplicate of bug 1032973 ***

Comment 5 Vincent Danen 2013-11-27 21:38:29 UTC
Probably should have been closed the other way around.  Please let SRT handle that next time.

