Upstream has issued an advisory on August 6:
A CVE has been requested:
No response yet.
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Waiting on the CVE assignment for the advisory.
Updated packages in core/updates_testing:
Steps to Reproduce:
Testing complete Mageia 3 32bit.
MGA3TOO has_procedure =>
MGA3TOO MGA3-32-OK has_procedure
I also tested installing Drupal in French btw, following the instructions given in the language choice page to retrieve translations.
Testing complete mga4 64
Ready to validate once advisory is uploaded.
MGA3TOO MGA3-32-OK has_procedure =>
MGA3TOO MGA3-32-OK mga4-64-ok has_procedure
As Claire said, this one can be validated too.
Just like wordpress, no response to the CVE request yet, so this is all I have.
Updated drupal packages fix security vulnerability:
A denial of service issue exists in Drupal before 7.31, due to XML entity
expansion in a publicly accessible XML-RPC endpoint.
The drupal package has been updated to version 7.31 to fix this issue and
other bugs. See the upstream advisory and release notes for more details.
Debian has issued an advisory for this on August 9:
MGA3TOO MGA3-32-OK mga4-64-ok has_procedure =>
MGA3TOO MGA3-32-OK mga4-64-ok has_procedure advisory
An update for this issue has been pushed to Mageia Updates repository.
MITRE finally assigned some CVEs (CVE-2014-526):