{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0425",
  "published": "2015-11-04T18:03:05Z",
  "modified": "2015-11-04T17:55:18Z",
  "summary": "Updated drupal package fixes security vulnerability",
  "details": "The Overlay module in Drupal core displays administrative pages as a layer\nover the current page (using JavaScript), rather than replacing the page\nin the browser window. The Overlay module does not sufficiently validate\nURLs prior to displaying their contents, leading to an open redirect\nvulnerability (CVE-2015-7943).\n",
  "upstream": [
    "CVE-2015-7943"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0425.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=16997"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/SA-CORE-2015-004"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/drupal-7.40"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/drupal-7.40-release-notes"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/drupal-7.41"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/drupal-7.41-release-notes"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/10/23/6"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "drupal",
        "purl": "pkg:rpm/mageia/drupal?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.41-1.1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}