It was discovered that the Image Resize Filter did not limit the number of resized images per post that a user could send. An attacker could use this flaw to cause a denial of service by submitting a post containing a large number of images to resize: https://drupal.org/node/2194655 Note that the above advisory states "This vulnerability is mitigated by the fact that an attacker must have a role that allows them to post content that utilizes the image resize filter." This issue is resolved in version 6.x-1.14: https://drupal.org/node/2194063
Created drupal6-image_resize_filter tracking bugs for this issue: Affects: fedora-19 [bug 1064857]
drupal6-image_resize_filter-1.14-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-image_resize_filter-1.14-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-image_resize_filter-1.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
drupal6-image_resize_filter-1.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
All dependant bugs are closed. Should the packager close this bug or should you?
Thanks also for this one!