Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 20 SA-CONTRIB-2015-053 Critical: Drupal 7 Cross-Site Scripting

fedora
Calendar Grey March 31, 2015
Dist Fedora Esm H88
Fedora 20 has rolled out a fresh update that rectifies a vulnerability related to Cross-Site Scripting (XSS) present in the Drupal 7 module, enhancing security for users and developers.
## 7.x-1.6 See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://) Changes since 7.x-1.5: - by klausi: Sanitize field labels before passing them to the Token ...

Summary

This module extends the entity API of Drupal core in order to provide a unified

way to deal with entities and their properties. Additionally, it provides an

entity CRUD controller, which helps simplifying the creation of new entity

types.

This package provides the following Drupal modules:

* entity

* entity_token

Update Information:

## 7.x-1.6

See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://)

Changes since 7.x-1.5:

- by klausi: Sanitize field labels before passing them to the Tok...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory fedora cross site scripting drupal update entity API

Change Log

* Fri Feb 27 2015 Shawn Iwinski - 1.6-1 - Updated to 1.6 (BZ #1196750 / SA-CONTRIB-2015-053) - Removed RPM README b/c it only explained common Drupal workflow - %license usage * Sat Jun 7 2014 Fedora Release Engineering - 1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 10 2014 Peter Borsa - 1.5-1 - Update to upstream 1.5 release for bug fixes - Upstream changelog for this release is available at https:// * Thu Jan 9 2014 Shawn Iwinski - 1.3-2 - Added provided modules to description * Thu Jan 9 2014 Shawn Iwinski - 1.3-1 - Updated to 1.3 (release notes: (BZ #1050853) - CVE-2014-1398, CVE-2014-1399, CVE-2014-1400 (BZ #1050802, 1050803, 1050804) - SA-CONTRIB-2014-001 (https://) - Spec cleanup * Fri Aug 16 2013 Peter Borsa - 1.2-1 - Update to upstream 1.2 release for security and bug fixes - Upstream changelog for this release is available at https:// - SA-CONTRIB-2013-068 https://

References


[ 1 ] Bug #1196750 - drupal7-entity-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1196750

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update drupal7-entity' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: drupal7-entity
Product: Fedora 20
Version: 1.6
Release: 1.fc20
URL: https://
Summary: Extends the entity API to provide a unified way to deal with entities

Topics%20covered

Topics Covered

security advisory fedora cross site scripting drupal update entity API

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here