Multiple vulnerabilties were fixed in latest drupal7 and released in an advisory. CVE numbers are to be requested by the Drupal Security Team.
Created drupal7 tracking bugs for this issue:
Affects: fedora-all [bug 1396423]
Affects: epel-all [bug 1396424]
All dependent bugs closed.