Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in drupal7-entity
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in drupal7-entity
ID: FEDORA-2015-2826
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 1. April 2015, 06:26
Referenzen: https://www.drupal.org/node/2437905

Originalnachricht

Name        : drupal7-entity
Product : Fedora 20
Version : 1.6
Release : 1.fc20
URL : http://drupal.org/project/entity
Summary : Extends the entity API to provide a unified way to deal with
entities
Description :
This module extends the entity API of Drupal core in order to provide a unified
way to deal with entities and their properties. Additionally, it provides an
entity CRUD controller, which helps simplifying the creation of new entity
types.

This package provides the following Drupal modules:
* entity
* entity_token

-------------------------------------------------------------------------------
-
Update Information:

## 7.x-1.6

See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)

Changes since 7.x-1.5:

- by klausi: Sanitize field labels before passing them to the Token API.
- Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong
for single entity reference field.
- Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with
a getter.
- Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get
property of non-object in entity_metadata_user_access().
- Issue #1651824 by meatsack | joachim: Fixed 'entity_test' table has
incorrect declaration of foreign keys.
- Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in
entity_views_handler_relationship_by_bundle.
- Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed
template_preprocess_entity does not check for existing 'path' index.
- Issue #1104286: Support generating database schema for date properties.
- Issue #2013473 by fietserwin: Title attribute of image field not listed as
possible token.
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Feb 27 2015 Shawn Iwinski <shawn.iwinski@gmail.com> - 1.6-1
- Updated to 1.6 (BZ #1196750 / SA-CONTRIB-2015-053)
- Removed RPM README b/c it only explained common Drupal workflow
- %license usage
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat May 10 2014 Peter Borsa <peter.borsa@gmail.com> - 1.5-1
- Update to upstream 1.5 release for bug fixes
- Upstream changelog for this release is available at https://drupal.org/node/2236077
* Thu Jan 9 2014 Shawn Iwinski <shawn.iwinski@gmail.com> - 1.3-2
- Added provided modules to description
* Thu Jan 9 2014 Shawn Iwinski <shawn.iwinski@gmail.com> - 1.3-1
- Updated to 1.3 (release notes: https://drupal.org/node/2169589) (BZ #1050853)
- CVE-2014-1398, CVE-2014-1399, CVE-2014-1400 (BZ #1050802, 1050803, 1050804)
- SA-CONTRIB-2014-001 (https://drupal.org/node/2169595)
- Spec cleanup
* Fri Aug 16 2013 Peter Borsa <peter.borsa@gmail.com> - 1.2-1
- Update to upstream 1.2 release for security and bug fixes
- Upstream changelog for this release is available at https://drupal.org/node/2065197
- SA-CONTRIB-2013-068 https://drupal.org/node/2065207
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1196750 - drupal7-entity-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1196750
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7-entity' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung