Drupal versions 6, 7 and 8 do not properly sanitize requests allowing remote attackers without credentials to execute arbitrary code.
This issue was patched in the following versions:
Created drupal8 tracking bugs for this issue:
Affects: fedora-all [bug 1561855]
Created drupal7 tracking bugs for this issue:
Affects: fedora-all [bug 1561857]
Affects: epel-all [bug 1561858]
Created drupal6 tracking bugs for this issue:
Affects: epel-6 [bug 1561856]
drupal6-6.38-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
All dependent bugs have been closed. Can this tracking bug be closed?
In reply to comment #5:
> All dependent bugs have been closed. Can this tracking bug be closed?