lp:debian/wheezy/drupal7

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/wheezy/drupal7

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

21. By Gunnar Wolf

* Backported from 7.38: SA-CORE-2015-002 (Multiple vulnerabilities). CVE
  IDs assigned as follows:
  + Impersonation (OpenID module - Drupal 6 and 7): CVE-2015-3234
  + Open redirect (Field UI module - Drupal 7): CVE-2015-3232
  + Open redirect (Overlay module - Drupal 7): CVE-2015-3233
  + Information disclosure (Render cache system - Drupal 7): CVE-2015-3231
* Refreshed patches that are applied for the build process, lowering the
  amount of build-noise generated.

20. By Gunnar Wolf

Backported from version 7.34 addressing SA-CORE-2014-006 (Session
hijacking, denial of service)

19. By Gunnar Wolf

* Backported from version 7.31 addressing SA-CORE-2014-004 (Denial of
  service due to a XML entity expansion attack). CVE not yet assigned.
* Added DEP3 headers to patches created in 2014

18. By Gunnar Wolf

* Backported from version 7.27 addressing an information disclosure
  vulnerability (CVE-2014-2983, SA-CORE-2014-002)
* Fixed a regression caused by the backported 7.27 fix which breaks
  IE8 (see https://drupal.org/node/2245331#comment-8699683)
* deb7u3 version skipped due to a botched upload :-|

17. By Gunnar Wolf

* Backported fixes from version 7.26 addressing several security
  vulnerabilities; see advisory in https://drupal.org/SA-CORE-2014-001
  + Impersonation while using OpenID (CVE-2014-1475)
  + Access bypass in the taxonomy module (CVE-2014-1476)
  + Security hardening in the Form API

16. By Gunnar Wolf

* Backported fixes from version 7.24 addressing several security
  vulnerabilities (SA-CORE-2013-003), including:
  * Multiple vulnerabilities due to optimistic cross-site request forgery
    protection (Form API validation) (CVE-2013-6385)
  * Multiple vulnerabilities due to weakness in pseudorandom number
    generation using mt_rand() (Form API, OpenID and random password
    generation - Drupal 6 and 7) (CVE-2013-6386)
  * Code execution prevention (Files directory .htaccess for Apache -
    (security hardening)
  * Access bypass (Security token validation)
    Treating as security hardening
  * Cross-site scripting (Image module) (CVE-2013-6387).
  * Cross-site scripting (Color module) (CVE-2013-6388).
  * Open redirect (Overlay module) (CVE-2013-6389).

15. By Luigi Gangitano

[ Luigi Gangitano ]
* Urgency high due to security fixes

* Acknowledge NMUs from Gunnar Wolf

* Incorporated fix for DoS on image derivative generation
  (Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165)

* Removed update warnings for Drupal core, since security fixes are provided
  by Debian updates. (Closes: #700545)

14. By Gunnar Wolf

* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2013-001 (the full diff between 7.18
  and 7.19) (Closes: #698334)
* Added the missing DEP3 header to the patch introduced in 7.14-1.2

13. By Gunnar Wolf

* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2012-004 (the full diff between
  7.17 and 7.18)

12. By Gunnar Wolf

* Non-maintainer upload.
* Incorporated the fix for SA-CORE-2012-003 (the full diff between
  7.15 and 7.16)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/drupal7
This branch contains Public information 
Everyone can see this information.
