Ubuntu
drupal7 package

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Bug #1075455 reported by Swen Kühnlein on 2012-11-06

266

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	drupal7 (Debian)	Fix Released	Unknown	debbugs #690817
	drupal7 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

According to http://drupal.org/node/1815912 all versions of drupal 7.x < 7.16 have an arbitrary PHP code execution vulnerability.

CVE References

Swen Kühnlein (swen) on 2012-11-06

information type:

Private Security → Public Security

Bug Watch Updater (bug-watch-updater) on 2012-11-06

Changed in drupal7 (Debian):
status:	Unknown → Fix Released

Seth Arnold (seth-arnold) on 2012-11-09

Changed in drupal7 (Ubuntu):
status:	New → Incomplete

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-11-09:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-05-22:

13.04 now has 7.22-1

Changed in drupal7 (Ubuntu):
status:	Incomplete → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #1087497

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #690817
[done critical security patch] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntudrupal7 package