Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

drupal7: CVE-2013-0316

Related Vulnerabilities: CVE-2013-0316  

Source

Debian Bug report logs - #701165
drupal7: CVE-2013-0316

version graph

Package: drupal7; Maintainer for drupal7 is Gunnar Wolf <gwolf@debian.org>; Source for drupal7 is src:drupal7 (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 22 Feb 2013 10:30:01 UTC

Severity: grave

Tags: security

Fixed in version drupal7/7.14-2

Done: Luigi Gangitano <luigi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#701165; Package drupal7. (Fri, 22 Feb 2013 10:30:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>. (Fri, 22 Feb 2013 10:30:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: drupal7: CVE-2013-0316
Date: Fri, 22 Feb 2013 11:24:24 +0100
Package: drupal7
Severity: grave
Tags: security
Justification: user security hole

This has been assigned CVE-2013-0316:
http://drupal.org/SA-CORE-2013-002

Cheers,
        Moritz

Reply sent to Luigi Gangitano <luigi@debian.org>:
You have taken responsibility. (Sat, 23 Feb 2013 15:36:08 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sat, 23 Feb 2013 15:36:08 GMT) (full text, mbox, link).

Message #10 received at 701165-close@bugs.debian.org (full text, mbox, reply):

From: Luigi Gangitano <luigi@debian.org>
To: 701165-close@bugs.debian.org
Subject: Bug#701165: fixed in drupal7 7.14-2
Date: Sat, 23 Feb 2013 15:32:36 +0000
Source: drupal7
Source-Version: 7.14-2

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701165@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <luigi@debian.org> (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 Feb 2013 15:12:35 +0100
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.14-2
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description: 
 drupal7    - fully-featured content management framework
Closes: 700545 701165
Changes: 
 drupal7 (7.14-2) unstable; urgency=high
 .
   [ Luigi Gangitano ]
   * Urgency high due to security fixes
 .
   * Acknowledge NMUs from Gunnar Wolf
 .
   * Incorporated fix for DoS on image derivative generation
     (Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165)
 .
   * Removed update warnings for Drupal core, since security fixes are provided
     by Debian updates. (Closes: #700545)
Checksums-Sha1: 
 daacc918dbb50af1796167a78cf13e19551d265c 1178 drupal7_7.14-2.dsc
 d972a2e131c0cf2f6628146acef6c19f031f86d5 199969 drupal7_7.14-2.debian.tar.gz
 d35338979a2a1cfbaeec73ad94d8b25ac9629c5f 3179172 drupal7_7.14-2_all.deb
Checksums-Sha256: 
 4630911f1719c0f197d2ff90404c6bfba36e445c9147a49b6858bbb3a0ee0c3f 1178 drupal7_7.14-2.dsc
 a7face8fd141ff93f79dcc9c6c29b5b6a6b4d87be9cb7d012ccf7b33a9ad57c2 199969 drupal7_7.14-2.debian.tar.gz
 d1a3b6e914b600c9d321d83a9d27b6bc64fcd6dc3761b8c8fd0c9c740e9b2ccf 3179172 drupal7_7.14-2_all.deb
Files: 
 e97baba55a00af319489b47d44b4fe1c 1178 web extra drupal7_7.14-2.dsc
 828b6f1704240c9eb02973b45e41f8c1 199969 web extra drupal7_7.14-2.debian.tar.gz
 541f896ce67ae6a5a78200ec19c0f7be 3179172 web extra drupal7_7.14-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iEYEARECAAYFAlEo344ACgkQ8ZumGJJMDCYvwgCePhdkfwEYM9NwWGBq+VRO4BzE
aB0AnAzmgKtBH5JJv+nJIe9xUBNNdTWd
=4mmQ
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Mar 2013 07:29:50 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:05:17 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started