[Secure-testing-team] Bug#765507: [drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection Vulnerability
Ingo Juergensmann
ij at 2013.bluespice.org
Wed Oct 15 17:06:34 UTC 2014
Package: drupal7
Version: 7.31-1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
--- Please enter the report below this line. ---
Hi!
There's a security issue in all Drupal7 version <7.32. See:
- https://www.drupal.org/drupal-7.32-release-notes
-
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
Please provide a new and fixed package. Thanks!
--- System information. ---
Architecture: amd64
Kernel: Linux 3.16-2-amd64
Debian Release: jessie/sid
500 unstable www.deb-multimedia.org
500 unstable ftp.de.debian.org
--- Package information. ---
Depends (Version) | Installed
====================================-+-============
debconf (>= 0.5) | 1.5.53
OR debconf-2.0 |
apache2 | 2.4.10-5
OR httpd |
php5 | 5.6.0+dfsg-1
php5-mysql | 5.6.0+dfsg-1+b1
OR php5-pgsql | 5.6.0+dfsg-1+b1
OR php5-sqlite | 5.6.0+dfsg-1+b1
php5-gd | 5.6.0+dfsg-1+b1
default-mta |
OR mail-transport-agent |
wwwconfig-common (>= 0.0.37) | 0.2.2
mysql-client | 5.5.39-1
OR virtual-mysql-client |
OR postgresql-client | 9.4+162
dbconfig-common | 1.8.47+nmu1
curl | 7.38.0-2
Recommends (Version) | Installed
===========================-+-===========
mysql-server | 5.5.39-1
OR postgresql | 9.4+162
OR sqlite3 | 3.8.6-1
Package's Suggests field is empty.
--
Ciao... // Fon: 0381-2744150
Ingo \X/ http://blog.windfluechter.net
Please don't share this address with Facebook or Google!
gpg pubkey: http://www.juergensmann.de/ij_public_key.asc
More information about the Secure-testing-team
mailing list