935247 – (CVE-2015-3231) VUL-0: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234: drupal7: Multiple issues

Bug 935247 (CVE-2015-3231) - VUL-0: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234: drupal7: Multiple issues

Summary: VUL-0: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234: drupal7: M...

Status:	RESOLVED FIXED

Alias:	CVE-2015-3231

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assignee:	Tomáš Bažant
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-06-18 11:26 UTC by Johannes Segitz
Modified:	2015-06-25 11:15 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2015-06-18 11:26:20 UTC

Multiple issues were reported in drupal
- Impersonation of users 
- 2x Open redirect 
- Information disclosure

More details are available at https://www.drupal.org/SA-CORE-2015-002.

Please fix drupal7 in server:php:applications.

Comment 2 Swamp Workflow Management 2015-06-18 22:00:56 UTC

bugbot adjusting priority

Comment 3 Tomáš Bažant 2015-06-25 11:09:31 UTC

Unfortunately, i'm not fond of buildservice yet, so i wont help much with this.
However, i found that activedoc does not use Drupal 7 from this repo, as this repo is not included in the repositories at all. That is why i updated Drupal the manual way for now.

Comment 4 Andreas Stieger 2015-06-25 11:14:29 UTC

for server:php:applications this was fixed in https://build.opensuse.org/request/show/312537

Comment 5 Johannes Segitz 2015-06-25 11:15:59 UTC

then we can close this