An access bypass was discovered in the FileField module. This could allow a user to gain access to files attached to a revision they would otherwise not have access to: https://drupal.org/node/2194639 This issue is resolved in version 6.x-3.12: https://drupal.org/node/2194103
Created drupal6-filefield tracking bugs for this issue: Affects: fedora-all [bug 1064842] Affects: epel-all [bug 1064843]
drupal6-filefield-3.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-filefield-3.12-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-filefield-3.12-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-filefield-3.12-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
All dependant bugs are closed. Should the packager close this bug or should you?
Hi Shawn, Thanks for the fast fixes with these! The Security Response Team closes these ones (the ones filed against the "Security Response" Product).