Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5655 to the following vulnerability: The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5655 [2] http://www.openwall.com/lists/oss-security/2012/12/20/1 [3] http://drupal.org/node/1870550 [4] http://drupalcode.org/project/context.git/commitdiff/4452bf1 [5] http://drupalcode.org/project/context.git/commitdiff/d8bf8b6 [6] http://www.securityfocus.com/bid/56993 [7] http://secunia.com/advisories/51517
This issue affects the versions of the drupal6-context package, as shipped with Fedora release of 17 and with Fedora EPEL 6. Please schedule an update. -- This issue affects the versions of the drupal7-context package, as shipped with Fedora release of 16, 17, Fedora EPEL 5, and Fedora EPEL 6. Please schedule an update.
Created drupal6-context tracking bugs for this issue Affects: fedora-17 [bug 891586] Affects: epel-6 [bug 891587]
Created drupal7-context tracking bugs for this issue Affects: fedora-all [bug 891589] Affects: epel-all [bug 891590]
drupal6-context-3.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
All updates for this are pushed.