Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42388 - [drupal] Security release on Wednesday, October 15 (NY time)
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Wednesday, 15 October 2014, 12:24 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 16 October 2014, 09:05 GMT
Opened by Remi Gacogne (rgacogne) - Wednesday, 15 October 2014, 12:24 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 16 October 2014, 09:05 GMT
|
DetailsHello,
Just to give a head start, Drupal announced a security release for Drupal 7 for Wednesday, October 15: https://groups.drupal.org/node/445893 |
This task depends upon
https://www.drupal.org/SA-CORE-2014-005
"Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.
A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."