The Drupal reports that Drupal 7.12 contains the following vulnerability: Access bypass - forum listing CVE: CVE-2012-1590 Drupal core's forum lists fail to check user access to nodes when displaying them in the forum overview page. If an unpublished node was the most recently updated in a forum then users who should not have access to unpublished forum posts were still be able to see meta-data about the forum post such as the post title. External reference: http://drupal.org/node/1557938
Created drupal7 tracking bugs for this issue Affects: fedora-all [bug 956481]
Created drupal7 tracking bugs for this issue Affects: epel-all [bug 956483]