A flaw was found in Drupal 7. Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
Created drupal7 tracking bugs for this issue:
Affects: epel-all [bug 1548201]
Affects: fedora-all [bug 1548202]
All dependent bugs have been closed. Can this tracking bug be closed as well?
In reply to comment #2:
> All dependent bugs have been closed. Can this tracking bug be closed as
Yes, I'm closing this
drupal6-6.38-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.