lp:debian/drupal7
- Get this branch:
- bzr branch lp:debian/drupal7
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 35. By Gunnar Wolf
-
* Set myself as the maintainer, Luigi as an uploader (to more reliably
get bug notifications)
* New upstream version
* Fixes a security vulnerability (SA-CORE-2015-003) that can lead to
cross site scripting, access bypass, SQL injection, open redirect. - 34. By Gunnar Wolf
-
* New upstream version
* Removed patches covering the differences since 7.32, as the freeze and
release are done.
* Several vulnerabilities fixed: SA-CORE-2015-002
+ Impersonation (OpenID module - Drupal 6 and 7): CVE-2015-3234
+ Open redirect (Field UI module - Drupal 7): CVE-2015-3232
+ Open redirect (Overlay module - Drupal 7: CVE-2015-3233
+ Information disclosure (Render cache system - Drupal 7): CVE-2015-3231 - 32. By Gunnar Wolf
-
Backported from 7.35: SA-CORE-2015-001 (Access bypass on password
reset URLs; Open redirect) - 31. By Gunnar Wolf
-
* Updated the VCS URL in debian/control as git.debian.org is deprecated
* Debian has frozen! We will start backporting the important fixes to
7.32
* Backported from 7.34: SA-CORE-2014-006 (Session hijacking CVE-2014-
9015, Denial of service CVE-2014-9016)
* Several minor reliability fixes backported from 7.33 - 30. By Gunnar Wolf
-
* New upstream release
* Fixes highly critical security risk CVE-2014-3704; SA-CORE-2014-005
(SQL injection)
* Standards-version 3.9.5 → 3.9.6 (no changes needed) - 29. By Gunnar Wolf
-
* New upstream release
* Fixes SA-CORE-2014-004 (XML-RPC endpoint vulnerable to an XML entity
expansion attack and other related attacks which can lead to a DoS:
CPU and memory exhaustion, DB resource starvation)
* This is the "Congratulations to Octavio and Claudia" upload. - 27. By Gunnar Wolf
-
* New upstream release
* Fixes SA-CORE-2014-003 (Denial of service; access bypass; 2×cross-
site scripting) (Closes: #755038)
* Setting urgency as high due to the security issues this release closes.
* Add a build-dependency on yui-compressor and actually build the
minified JS files excluded from the package. (Closes: #750666)
* Added lintian overrides for shipped sources, specific JS version - 26. By Gunnar Wolf
-
* New upstream release
* Dropped patch "fix_ajax_regression" - incorporated upstream
* Added support for SQLite installs (Closes: #712991)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)