Upstream Drupal has reported SA-CORE-2012-004 [1] which corrects multiple vulnerabilities:

1) Access bypass (User module search - Drupal 6 and 7) 2) Access bypass (Upload module - Drupal 6) 3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)

CVEs have been requested and are not yet assigned.

These flaws have been fixed in Drupal 6.27 and 7.18.

[1] http://drupal.org/SA-CORE-2012-004

This update has been submitted for testing by limb.

7 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by limb.

7 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
BZ#888990 CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004)
0
0
BZ#888991 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [fedora-all]
0
0
BZ#888992 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [epel-all]
0
0
BZ#888993 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [fedora-all]
0
0
BZ#888994 drupal: multiple flaws fixed in 6.27/7.18 (SA-CORE-2012-004) [epel-all]
0
0

Automated Test Results