Changelog
drupal7 (7.32-1+deb8u4build0.14.10.1) utopic-security; urgency=medium
* fake sync from Debian
drupal7 (7.32-1+deb8u4) stable-security; urgency=high
* Backported from 7.38: SA-CORE-2015-002 (Multiple vulnerabilities. CVE
IDs assigned as follows:
+ Impersonation (OpenID module - Drupal 6 and 7): CVE-2015-3234
+ Open redirect (Field UI module - Drupal 7): CVE-2015-3232
+ Open redirect (Overlay module - Drupal 7: CVE-2015-3233
+ Information disclosure (Render cache system - Drupal 7): CVE-2015-3231
drupal7 (7.32-1+deb8u3) unstable; urgency=medium
* Added missing DEP3 headers to SA-CORE-2015-001 patch
drupal7 (7.32-1+deb8u2) unstable; urgency=high
* Backported from 7.35: SA-CORE-2015-001 (Access bypass on password
reset URLs; Open redirect)
drupal7 (7.32-1+deb8u1) unstable; urgency=high
* Updated the VCS URL in debian/control as git.debian.org is deprecated
* Debian has frozen! We will start backporting the important fixes to
7.32
* Backported from 7.34: SA-CORE-2014-006 (Session hijacking CVE-2014-
9015, Denial of service CVE-2014-9016)
* Several minor reliability fixes backported from 7.33
-- Steve Beattie <email address hidden> Wed, 01 Jul 2015 08:48:36 -0700