Stay Secure with the Latest Linux Advisories

security advisorymoderatesecurity update

Fedora 22: FEDORA-2015-10994 Moderate XSS in Drupal7 Feeds

## 7.x-2.0-alpha9 **This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.** Changes since 7.x-2.0-alpha8: * Issue #2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in PuSHSubscriber.inc * Issue #2502419 by klausi: Log messages XSS attack vector. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-10994 2015-07-02 15:03:19 -------------------------------------------------------------------------------- Name : drupal7-feeds Product : Fedora 22 Version : 2.0 Release : 0.12.alpha9.fc22 URL : Summary : Aggregates RSS/Atom/RDF feeds, imports CSV files and more Description : Import or aggregate data as nodes, users, taxonomy terms or simple database records. This package provides the following Drupal modules: * feeds * feeds_import * feeds_news (requires drupal7-features and drupal7-views) * feeds_ui -------------------------------------------------------------------------------- Update Information: ## 7.x-2.0-alpha9 **This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.** Changes since 7.x-2.0-alpha8: * Issue #2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in PuSHSubscriber.inc * Issue #2502419 by klausi: Log messages XSS attack vector * Issue #1848498 by twistor: Respect allowed file extensions in file mapper -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2015 Peter Borsa - 2.0-0.12.alpha9 - Update to 2.0-alpha9 - Release notes can be found at * Wed Jun 17 2015 Fedora Release Engineering - 2.0-0.11.alpha8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1232973 -drupal7-feeds-2.0-alpha9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1232973 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update drupal7-feeds' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . An important patch for Fedora 22's drupal7-views tackles potential CSRF vulnerabilities, enhancing protection for users.. drupal7, feeds, security update, fedora 22. . LinuxSecurity.com Team

Jul 16, 2015 Fedora