{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0031",
  "published": "2014-01-31T16:43:58Z",
  "modified": "2014-01-31T16:43:55Z",
  "summary": "Updated drupal package fixes security vulnerabilities",
  "details": "Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module that allows a malicious user to log in as other users on the\nsite, including administrators, and hijack their accounts (CVE-2014-1475).\n\nMatt Vance and Damien Tournoud reported an access bypass vulnerability in\nthe taxonomy module. Under certain circumstances, unpublished content can\nappear on listing pages provided by the taxonomy module and will be\nvisible to users who should not have permission to see it (CVE-2014-1476).\n",
  "upstream": [
    "CVE-2014-1475",
    "CVE-2014-1476"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0031.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=12325"
    },
    {
      "type": "WEB",
      "url": "https://drupal.org/SA-CORE-2014-001"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2847"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "drupal",
        "purl": "pkg:rpm/mageia/drupal?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.26-1.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
