Accepted drupal7 7.32-1+deb8u6 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 28 Feb 2016 11:12:14 -0600
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.32-1+deb8u6
Distribution: stable-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Gunnar Wolf <gwolf@debian.org>
Description:
drupal7 - fully-featured content management framework
Changes:
drupal7 (7.32-1+deb8u6) stable-security; urgency=high
.
* Backported from 7.43 (plus minor needed bits from 7.36 and 7.30 in
modules/file/file.module): SA-CORE-2016-001: Fixes several security
vulnerabilities:
+ File upload access bypass and DoS
+ Brute force amplification attack via XML-RPC
+ Open redirect via path manipulation
+ Reflected file download
+ Wrong modes set on some user accounts setting saves
+ Information disclosure of email addresses
CVE IDs not yet assigned
Checksums-Sha1:
e6fbc6933b8b96e8356c9e65e86a9d0f95ed2bea 1897 drupal7_7.32-1+deb8u6.dsc
f41aed5a72c2f47f8c1f47e4b6e917fa89e5954f 197180 drupal7_7.32-1+deb8u6.debian.tar.xz
14f690a9810b63f9488715e2c3ddbe9891f5fe21 2475670 drupal7_7.32-1+deb8u6_all.deb
Checksums-Sha256:
1420029e87e6c4c122a3e67e1f0d6d8f68cb9492550fdb3fb8bb8f9cc5451fef 1897 drupal7_7.32-1+deb8u6.dsc
301ea738ce016d5c32494afb5d68ffe632840f054fa9770e6ccc45aa4833ad61 197180 drupal7_7.32-1+deb8u6.debian.tar.xz
6387cf2a469826ec1d564d6875a5c8ea966869e6e74cff7cb0918c560335fd6b 2475670 drupal7_7.32-1+deb8u6_all.deb
Files:
5c97f44c34798e3e05a34fb2c8eadc37 1897 web extra drupal7_7.32-1+deb8u6.dsc
9e4d2195b6b499cef381ae801aed72e1 197180 web extra drupal7_7.32-1+deb8u6.debian.tar.xz
351a6176f1a5c60bc9e9e3ce0180c114 2475670 web extra drupal7_7.32-1+deb8u6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJW0zeBAAoJEGc6A+TB25IfFFUP/3TS1ds7Zxwm/fdN1EzghbOC
w3BrgUQSCf9kfy14BPsRbF3Ho6JjKGM3sXSAsN2VktG/NRV/EM6AbagkMRUQ2VVK
9ATUWZwwoXv3YpXd8f9mfAPv1Z3BnatkN7GZ1unWcm3NGfoRWD/kzgnnWi4Qhe1r
l0ORIybcCr6sXUrDhD06JKdUT7LooVhdrzNbG/BGu4sfFUJOyLRBhjAC5ZPzq1Xd
WiupX3Aa/IUVs0r9Y8gRaqjkO/kaUI4pyzT9bgnO9V0gQx4BIS5fYVHySs0H3GLG
smPeKt7UQmtMoEEstIw9E+goef7JxXKUgZ7gXPPwbBUzDceS73MFfo2RMW9iPj7A
t57o+6VRgBfYt/Up8EkVNcw141C0GzssI4wSV2OoUVf7G/YQgOfXDjwUvH6xMNZy
F+dnnH8DQzISxDVKggzTojIxQGkHd70TFmmI7664ZN8STrD6TU27+BBmp+WOu3mF
IsGfn1kLczUoy60ir3jgJOoUVD0R7F9Inr5f9E8uPQyW5Yw6i8dii3euaME6trIr
FZU7MV57hVXYcIsJk1HkhED4Goy9LCTaEXKKLGL16F+IZs06XJ8RXoucH6x696US
RTwin/XrmXir518gqDgn9JQyqtbAie1nql//K4gjnYXIinZDflY17n2zPp6ExRif
sn/UWVQ7MCjRq+ZaW+sQ
=Baax
-----END PGP SIGNATURE-----
Reply to: