Drupal has released 7.20 to fix upstream advisory SA-CORE-2013-002: http://drupal.org/drupal-7.20-release-notes Fedora has issued an advisory on February 23: http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099663.html Funda has built drupal 7.20 in Mageia 2 updates_testing, but not filed a bug. Is this ready for QA? Reproducible: Steps to Reproduce:
Yes, please test it.
Assignee: fundawang => qa-bugs
Need an advisory please.
Thanks Funda. Advisory: ======================== Updated drupal packages fix security vulnerability: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive (CVE-2013-0316). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0316 http://drupal.org/SA-CORE-2013-002 http://drupal.org/drupal-7.20-release-notes http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099663.html ======================== Updated packages in core/updates_testing: ======================== drupal-7.20-1.mga2 drupal-mysql-7.20-1.mga2 drupal-postgresql-7.20-1.mga2 drupal-sqlite-7.20-1.mga2 from drupal-7.20-1.mga2.src.rpm
Testing mga2 64 Procedure in bug 8442
Whiteboard: (none) => has_procedure
Testing complete mga2 64
Whiteboard: has_procedure => has_procedure mga2-64-ok
Testing mga2 32
Testing complete mga2 32 Validating Advisory and SRPM in comment 3 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-okCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0135
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED