lp:debian/wheezy/drupal7
- Get this branch:
- bzr branch lp:debian/wheezy/drupal7
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 21. By Gunnar Wolf
-
* Backported from 7.38: SA-CORE-2015-002 (Multiple vulnerabilities. CVE
IDs assigned as follows:
+ Impersonation (OpenID module - Drupal 6 and 7): CVE-2015-3234
+ Open redirect (Field UI module - Drupal 7): CVE-2015-3232
+ Open redirect (Overlay module - Drupal 7): CVE-2015-3233
+ Information disclosure (Render cache system - Drupal 7): CVE-2015-3231
* Refreshed patches that are applied for the build process, lowering the
amount of build-noise generated.
- 20. By Gunnar Wolf
-
Backported from version 7.34 addressing SA-CORE-2014-006 (Session
hijacking, denial of service)
- 19. By Gunnar Wolf
-
* Backported from version 7.31 addressing SA-CORE-2014-004 (Denial of
service due to a XML entity expansion attack). CVE not yet assigned.
* Added DEP3 headers to patches created in 2014
- 18. By Gunnar Wolf
-
* Backported from version 7.27 addressing an information disclosure
vulnerability; (CVE-2014-2983, SA-CORE-2014-002)
* Fixed a regression caused by the backported 7.27 fix which breaks
IE8 (see https://drupal.org/node/2245331#comment-8699683)
* deb7u3 version skipped due to a botched upload :-|
- 17. By Gunnar Wolf
-
* Backported fixes from version 7.26 addressing several security
vulnerabilities; see advisory in https://drupal.org/SA-CORE-2014-001
+ Impersonation while using OpenID (CVE-2014-1475)
+ Access bypass in the taxonomy module (CVE-2014-1476)
+ Security hardening in the Form API
- 16. By Gunnar Wolf
-
* Backported fixes from version 7.24 addressing several security
vulnerabilities (SA-CORE-2013-003), including:
* Multiple vulnerabilities due to optimistic cross-site request forgery
protection (Form API validation) (CVE-2013-6385)
* Multiple vulnerabilities due to weakness in pseudorandom number
generation using mt_rand() (Form API, OpenID and random password
generation - Drupal 6 and 7) (CVE-2013-6386)
* Code execution prevention (Files directory .htaccess for Apache -
(security hardening)
* Access bypass (Security token validation)
Treating as security hardening
* Cross-site scripting (Image module) (CVE-2013-6387).
* Cross-site scripting (Color module) (CVE-2013-6388).
* Open redirect (Overlay module) (CVE-2013-6389).
- 15. By Luigi Gangitano
-
[ Luigi Gangitano ]
* Urgency high due to security fixes
* Acknowledge NMUs from Gunnar Wolf
* Incorporated fix for DoS on image derivative generation
(Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165)
* Removed update warnings for Drupal core, since security fixes are provided
by Debian updates. (Closes: #700545)
- 14. By Gunnar Wolf
-
* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2013-001 (the full diff between 7.18
and 7.19) (Closes: #698334)
* Added the missing DEP3 header to the patch introduced in 7.14-1.2
- 13. By Gunnar Wolf
-
* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2012-004 (the full diff between
7.17 and 7.18)
- 12. By Gunnar Wolf
-
* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2012-003 (the full diff between
7.15 and 7.16)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/drupal7