Description of problem: upgrade to drupal 7.32 Version-Release number of selected component (if applicable): centos 6.5 How reproducible: always Steps to Reproduce: 1. yum info drupal7 2. 3. Actual results: shows version 7.31 Expected results: Additional info:
7.32 fixes CVE-2014-3704. Here is the description of that cve: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.
drupal7-7.32-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6
Thanks for the report. Drupal 7.32 was packaged and put into the release process the same day SA-CORE-2014-005 was announced (Oct 15 2014). It is currently available in the testing repository but requires either 2 weeks in that repo or +3 karma to be pushed to stable. You can verify this by running "yum info --enablerepo=epel-testing drupal7". From my date calculations, the 2 weeks is today! As soon as the release tool alerts us that we can push it to stable we will do so. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6
drupal7-7.32-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.