
[SECURITY] [DLA 548-1] drupal7 security update




Package        : drupal7
Version        : 7.14-2+deb7u13
CVE ID         : CVE-2015-7943

It was discovered that there was an open redirect vulnerability in drupal7,
a content management framework.

The "Overlay" module in Drupal core displays administrative pages as a layer
over the current page (using JavaScript) rather than replacing the page
in the browser window. The module did not sufficiently validate URLs prior
to displaying their contents, leading to an open redirect vulnerability.

For Debian 7 "Wheezy", this issue has been fixed in drupal7 version
7.14-2+deb7u13.

We recommend that you upgrade your drupal7 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

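The class of check the advisory says was insufficient (validating a URL before loading it in an overlay or redirecting to it) can be sketched as below. This is an added example, not Drupal's patch and not code from the advisory; the site origin, function names and sample inputs are constructed for illustration.

```javascript
// Added example: same-origin validation of a URL before it is loaded in an
// overlay or used as a redirect target. Not the actual Drupal fix.

// Hypothetical site origin, constructed for this example.
const SITE_ORIGIN = 'https://cms.example.org';

// Returns the normalised URL if it stays on the site, otherwise null.
// Parsing with the WHATWG URL class resolves the candidate the way a browser
// would, so forms such as "//host", "/\host" and "site@host" are compared by
// their real destination rather than by how the string starts.
function safeLocalUrl(candidate, siteOrigin = SITE_ORIGIN) {
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  // Browsers strip tabs and newlines while parsing; reject control characters.
  if (/[\u0000-\u001f\u007f]/.test(candidate)) return null;
  let parsed;
  try {
    parsed = new URL(candidate, siteOrigin + '/');
  } catch (err) {
    return null; // not parseable as a URL at all
  }
  // Only web schemes; this drops javascript:, data: and similar.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  // Scheme, host and port must all match the site.
  if (parsed.origin !== new URL(siteOrigin).origin) return null;
  // Embedded credentials have no place in an internal link.
  if (parsed.username !== '' || parsed.password !== '') return null;
  return parsed.href;
}

// Constructed sample inputs: three local paths, then off-site variants.
const SAMPLES = [
  '/admin/content',
  'admin/people?page=2',
  'https://cms.example.org/node/1#overlay=admin/config',
  '//attacker.example/login',
  '/\\attacker.example/login',
  'https://cms.example.org@attacker.example/',
  'https://cms.example.org.attacker.example/',
  'javascript:alert(1)',
  'http://cms.example.org/admin',
];

// Pairs each sample with the validator's verdict.
function classify(samples = SAMPLES) {
  return samples.map((input) => ({ input, result: safeLocalUrl(input) }));
}
```

A prefix test on the raw string (for example "starts with /") would accept the fourth and fifth samples, which is why the comparison is made on the parsed origin.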

