A flaw was found in Drupal 7. Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. References: https://www.drupal.org/sa-core-2018-001
Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1548201] Affects: fedora-all [bug 1548202]
All dependent bugs have been closed. Can this tracking bug be closed as well?
In reply to comment #2: > All dependent bugs have been closed. Can this tracking bug be closed as > well? Yes, I'm closing this
drupal6-6.38-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.