Drupal has released 7.20 to fix upstream advisory SA-CORE-2013-002:
Fedora has issued an advisory on February 23:
Funda has built drupal 7.20 in Mageia 2 updates_testing, but not filed a bug.
Is this ready for QA?
Yes, please test it.
Need an advisory please.
Updated drupal packages fix security vulnerability:
Drupal core's Image module allows for the on-demand generation of image
derivatives. This capability can be abused by requesting a large number of
new derivatives which can fill up the server disk space, and which can cause
a very high CPU load. Either of these effects may lead to the site becoming
unavailable or unresponsive (CVE-2013-0316).
Updated packages in core/updates_testing:
Testing mga2 64
Procedure in bug 8442
Testing complete mga2 64
Testing mga2 32
Testing complete mga2 32
Advisory and SRPM in comment 3
Could sysadmin please push from core/updates_testing to core/updates?