[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[BSA-098] Security update for drupal7

Gunnar Wolf uploaded new packages for Drupal7 which fixed the
following security problems:

CVE 2014-3704 / SA-CORE-2014-005:
   Highly critical: Pre Auth SQL injection

   The expandArguments function in the database abstraction API in
   Drupal core 7.x before 7.32 does not properly construct prepared
   statements, which allows remote attackers to conduct SQL injection
   attacks via an array containing crafted keys. 


For the squeeze-backports distribution the problems have been fixed in
version 7.14-2+deb7u7~bpo60+1.

For the wheezy-backports distribution the problems have been fixed in
version 7.32-1~bpo70+1.

Attachment: signature.asc
Description: Digital signature

Reply to: