Drupal reports that Drupal 7.12 contains the following vulnerability:

Access bypass - private images

CVE: CVE-2012-1591

Drupal core provides the ability to have private files, including images, and Image Styles which create derivative images from an original image that may differ, for example, in size or saturation. Drupal core failed to properly terminate the page request for cached image styles, allowing users to access image derivatives for images they should not be able to view. Furthermore, Drupal didn't set the right headers to prevent image styles from being cached in the browser.

External reference: http://drupal.org/node/1557938

Created drupal7 tracking bugs for this issue
Affects: fedora-all [bug 956481]

Created drupal7 tracking bugs for this issue
Affects: epel-all [bug 956483]