Bug#765507: marked as done ([drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection Vulnerability)

[Debian Bug Tracking System]

Your message dated Fri, 17 Oct 2014 10:50:21 -0500
with message-id <20141017155021.gb57...@gwolf.org>
and subject line Re: [drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection 
Vulnerability
has caused the Debian Bug report #765507,
regarding [drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection 
Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
765507: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: drupal7
Version: 7.31-1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Hi!

There's a security issue in all Drupal7 version <7.32. See:
- https://www.drupal.org/drupal-7.32-release-notes

- https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

Please provide a new and fixed package. Thanks!


--- System information. ---
Architecture: amd64
Kernel:       Linux 3.16-2-amd64

Debian Release: jessie/sid
  500 unstable        www.deb-multimedia.org
  500 unstable        ftp.de.debian.org

--- Package information. ---
Depends                    (Version) | Installed
====================================-+-============
debconf                    (>= 0.5)  | 1.5.53
 OR debconf-2.0                      |
apache2                              | 2.4.10-5
 OR httpd                            |
php5                                 | 5.6.0+dfsg-1
php5-mysql                           | 5.6.0+dfsg-1+b1
 OR php5-pgsql                       | 5.6.0+dfsg-1+b1
 OR php5-sqlite                      | 5.6.0+dfsg-1+b1
php5-gd                              | 5.6.0+dfsg-1+b1
default-mta                          |
 OR mail-transport-agent             |
wwwconfig-common         (>= 0.0.37) | 0.2.2
mysql-client                         | 5.5.39-1
 OR virtual-mysql-client             |
 OR postgresql-client                | 9.4+162
dbconfig-common                      | 1.8.47+nmu1
curl                                 | 7.38.0-2


Recommends        (Version) | Installed
===========================-+-===========
mysql-server                | 5.5.39-1
 OR postgresql              | 9.4+162
 OR sqlite3                 | 3.8.6-1


Package's Suggests field is empty.




--
Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net
Please don't share this address with Facebook or Google!
gpg pubkey: http://www.juergensmann.de/ij_public_key.asc

--- End Message ---

--- Begin Message ---

notfound 765507 7.32-1~bpo70+1
notfound 765507 7.32-1
notfound 765507 7.14-2+deb7u7
notfound 765507 7.14-2+deb7u6~bpo60+1
thanks

Version: 7.32-1

The fixed package was uploaded concurrently with this bug's
filing. Closing it by hand :)

--- End Message ---