drupal7-feeds: three vulnerabilities

Package(s):

drupal7-feeds

CVE #(s):

Created:

July 16, 2015

Updated:

July 22, 2015

Description:

From the Drupal release notes:

This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features.

Changes since 7.x-2.0-alpha8:

#2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in PuSHSubscriber.inc
#2502419 by klausi: Log messages XSS attack vector
#1848498 by twistor: Respect allowed file extensions in file mapper

Alerts:

Fedora	FEDORA-2015-11018	drupal7-feeds	2015-07-16
Fedora	FEDORA-2015-10994	drupal7-feeds	2015-07-16