includes/form.inc | 9 8 + 1 - 0 !
modules/openid/openid.install | 76 73 + 3 - 0 !
modules/openid/openid.module | 3 2 + 1 - 0 !
modules/simpletest/tests/form.test | 27 24 + 3 - 0 !
modules/simpletest/tests/form_test.module | 9 9 + 0 - 0 !
modules/simpletest/tests/upgrade/upgrade.taxonomy.test | 5 5 + 0 - 0 !
modules/taxonomy/taxonomy.install | 159 128 + 31 - 0 !
7 files changed, 249 insertions(+), 39 deletions(-)

 several security vulnerabilities, see https://drupal.org/sa-core-2014-001

includes/common.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable reporting to system log every cron run

sources/misc/farbtastic/farbtastic.js | 345 345 + 0 - 0 !
sources/misc/jquery-1.4.4.js | 7179 7179 + 0 - 0 !
sources/misc/jquery.ba-bbq.js | 1137 1137 + 0 - 0 !
sources/misc/jquery.ba-hashchange.js | 244 244 + 0 - 0 !
sources/misc/jquery.cookie.js | 96 96 + 0 - 0 !
sources/misc/jquery.form.js | 791 791 + 0 - 0 !
sources/misc/ui/jquery.effects.blind.js | 49 49 + 0 - 0 !
sources/misc/ui/jquery.effects.bounce.js | 78 78 + 0 - 0 !
sources/misc/ui/jquery.effects.clip.js | 54 54 + 0 - 0 !
sources/misc/ui/jquery.effects.core.js | 749 749 + 0 - 0 !
sources/misc/ui/jquery.effects.drop.js | 50 50 + 0 - 0 !
sources/misc/ui/jquery.effects.explode.js | 79 79 + 0 - 0 !
sources/misc/ui/jquery.effects.fade.js | 32 32 + 0 - 0 !
sources/misc/ui/jquery.effects.fold.js | 56 56 + 0 - 0 !
sources/misc/ui/jquery.effects.highlight.js | 50 50 + 0 - 0 !
sources/misc/ui/jquery.effects.pulsate.js | 51 51 + 0 - 0 !
sources/misc/ui/jquery.effects.scale.js | 178 178 + 0 - 0 !
sources/misc/ui/jquery.effects.shake.js | 57 57 + 0 - 0 !
sources/misc/ui/jquery.effects.slide.js | 50 50 + 0 - 0 !
sources/misc/ui/jquery.effects.transfer.js | 45 45 + 0 - 0 !
sources/misc/ui/jquery.ui.accordion.js | 599 599 + 0 - 0 !
sources/misc/ui/jquery.ui.autocomplete.js | 595 595 + 0 - 0 !
sources/misc/ui/jquery.ui.button.js | 373 373 + 0 - 0 !
sources/misc/ui/jquery.ui.core.js | 308 308 + 0 - 0 !
sources/misc/ui/jquery.ui.datepicker.js | 1757 1757 + 0 - 0 !
sources/misc/ui/jquery.ui.dialog.js | 857 857 + 0 - 0 !
sources/misc/ui/jquery.ui.draggable.js | 797 797 + 0 - 0 !
sources/misc/ui/jquery.ui.droppable.js | 285 285 + 0 - 0 !
sources/misc/ui/jquery.ui.mouse.js | 151 151 + 0 - 0 !
sources/misc/ui/jquery.ui.position.js | 252 252 + 0 - 0 !
sources/misc/ui/jquery.ui.progressbar.js | 108 108 + 0 - 0 !
sources/misc/ui/jquery.ui.resizable.js | 812 812 + 0 - 0 !
sources/misc/ui/jquery.ui.selectable.js | 266 266 + 0 - 0 !
sources/misc/ui/jquery.ui.slider.js | 682 682 + 0 - 0 !
sources/misc/ui/jquery.ui.sortable.js | 1071 1071 + 0 - 0 !
sources/misc/ui/jquery.ui.tabs.js | 758 758 + 0 - 0 !
sources/misc/ui/jquery.ui.widget.js | 262 262 + 0 - 0 !
37 files changed, 21303 insertions(+)

 add uncompressed sources of javascript files

includes/install.core.inc | 11 5 + 6 - 0 !
modules/openid/openid.inc | 31 27 + 4 - 0 !
modules/openid/openid.test | 16 9 + 7 - 0 !
modules/openid/tests/openid_test.module | 6 5 + 1 - 0 !
4 files changed, 46 insertions(+), 18 deletions(-)

 fixes sa-core-2012-003 (arbitrary php code execution and information disclosure)

includes/file.inc | 3 3 + 0 - 0 !
modules/user/user.module | 8 6 + 2 - 0 !
modules/user/user.test | 22 20 + 2 - 0 !
3 files changed, 29 insertions(+), 4 deletions(-)

 fixes sa_core-2012-004 (access bypass, arbitrary code execution)

misc/collapse.js | 4 2 + 2 - 0 !
misc/drupal.js | 21 21 + 0 - 0 !
misc/vertical-tabs.js | 4 2 + 2 - 0 !
modules/book/book.pages.inc | 9 9 + 0 - 0 !
modules/book/book.test | 7 7 + 0 - 0 !
modules/image/image.module | 3 2 + 1 - 0 !
6 files changed, 43 insertions(+), 5 deletions(-)

 fixes sa_core-2013-001 (cross-site scripting, access bypass)

modules/image/image.module | 60 50 + 10 - 0 !
modules/image/image.test | 147 126 + 21 - 0 !
modules/user/user.test | 2 1 + 1 - 0 !
3 files changed, 177 insertions(+), 32 deletions(-)

 fixes sa_core-2013-002 (dos)

modules/update/update.compare.inc | 2 2 + 0 - 0 !
modules/update/update.install | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 1 deletion(-)

 removes update warning for drupal core version
 This patch removes new version checking for drupal core. Security updates
 are provided by Debian using patches against currently frozen version (7.14).

includes/bootstrap.inc | 103 72 + 31 - 0 !
includes/common.inc | 8 6 + 2 - 0 !
includes/file.inc | 55 45 + 10 - 0 !
includes/form.inc | 10 8 + 2 - 0 !
includes/install.core.inc | 11 10 + 1 - 0 !
includes/session.inc | 8 4 + 4 - 0 !
modules/color/color.module | 49 48 + 1 - 0 !
modules/image/image.field.inc | 2 1 + 1 - 0 !
modules/openid/openid.inc | 23 5 + 18 - 0 !
modules/openid/tests/openid_test.install | 2 1 + 1 - 0 !
modules/overlay/overlay.module | 4 4 + 0 - 0 !
modules/simpletest/tests/file.test | 2 1 + 1 - 0 !
modules/simpletest/tests/form.test | 20 20 + 0 - 0 !
modules/system/system.install | 37 35 + 2 - 0 !
modules/system/system.test | 47 47 + 0 - 0 !
modules/user/user.module | 6 5 + 1 - 0 !
modules/user/user.pages.inc | 2 1 + 1 - 0 !
update.php | 4 2 + 2 - 0 !
18 files changed, 315 insertions(+), 78 deletions(-)

 fixes sa_core-2013-003 (several vulnerabilities)

includes/ajax.inc | 59 53 + 6 - 0 !
includes/form.inc | 42 39 + 3 - 0 !
misc/ajax.js | 7 7 + 0 - 0 !
modules/file/file.module | 3 1 + 2 - 0 !
modules/simpletest/drupal_web_test_case.php | 7 7 + 0 - 0 !
modules/simpletest/tests/ajax.test | 79 79 + 0 - 0 !
modules/simpletest/tests/form.test | 176 176 + 0 - 0 !
modules/simpletest/tests/form_test.module | 92 92 + 0 - 0 !
8 files changed, 454 insertions(+), 11 deletions(-)

 fix a information disclosure vulnerability; see https://drupal.org/sa-core-2014-002

misc/ajax.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 issue #2245331 by bendikrb: use of reserved word in ajax.js breaks ie8.

includes/bootstrap.inc | 9 8 + 1 - 0 !
includes/file.inc | 81 64 + 17 - 0 !
includes/form.inc | 2 1 + 1 - 0 !
misc/ajax.js | 2 1 + 1 - 0 !
modules/file/file.module | 5 3 + 2 - 0 !
modules/file/tests/file.test | 13 13 + 0 - 0 !
modules/simpletest/tests/bootstrap.test | 5 5 + 0 - 0 !
7 files changed, 95 insertions(+), 22 deletions(-)

---

includes/xmlrpc.inc | 36 35 + 1 - 0 !
modules/openid/openid.inc | 5 5 + 0 - 0 !
modules/simpletest/tests/xmlrpc.test | 5 5 + 0 - 0 !
3 files changed, 45 insertions(+), 1 deletion(-)

 fixed security issues (denial of service). see http://drupal.org/sa-core-2014-004

includes/database/database.inc | 2 1 + 1 - 0 !
modules/simpletest/tests/database_test.test | 28 28 + 0 - 0 !
2 files changed, 29 insertions(+), 1 deletion(-)

 fixed highly critical sql injection.
 See https://www.drupal.org/SA-CORE-2014-005, CVE-2014-3704

includes/password.inc | 6 5 + 1 - 0 !
includes/session.inc | 2 1 + 1 - 0 !
modules/simpletest/tests/password.test | 21 21 + 0 - 0 !
3 files changed, 27 insertions(+), 2 deletions(-)

---

includes/bootstrap.inc | 20 20 + 0 - 0 !
includes/common.inc | 46 34 + 12 - 0 !
modules/simpletest/tests/bootstrap.test | 82 82 + 0 - 0 !
modules/simpletest/tests/common.test | 20 20 + 0 - 0 !
modules/simpletest/tests/system_test.module | 38 38 + 0 - 0 !
modules/statistics/statistics.test | 2 1 + 1 - 0 !
modules/system/system.test | 43 43 + 0 - 0 !
modules/user/user.module | 29 25 + 4 - 0 !
modules/user/user.pages.inc | 4 2 + 2 - 0 !
modules/user/user.test | 14 7 + 7 - 0 !
10 files changed, 272 insertions(+), 26 deletions(-)

 fixes sa-core-2015-001 (access bypass on password reseturls; open redirect)

includes/common.inc | 12 10 + 2 - 0 !
modules/field_ui/field_ui.admin.inc | 4 4 + 0 - 0 !
modules/field_ui/field_ui.test | 13 13 + 0 - 0 !
modules/openid/openid.module | 14 10 + 4 - 0 !
modules/openid/openid.test | 2 1 + 1 - 0 !
modules/openid/tests/openid_test.module | 1 1 + 0 - 0 !
modules/overlay/overlay-parent.js | 29 27 + 2 - 0 !
modules/simpletest/tests/common.test | 55 54 + 1 - 0 !
8 files changed, 120 insertions(+), 10 deletions(-)

 fixes sa-core-2015-002 (multiple vulnerabilities)

includes/ajax.inc | 37 36 + 1 - 0 !
includes/database/database.inc | 2 1 + 1 - 0 !
includes/form.inc | 101 88 + 13 - 0 !
includes/menu.inc | 2 1 + 1 - 0 !
misc/ajax.js | 40 34 + 6 - 0 !
misc/autocomplete.js | 7 5 + 2 - 0 !
misc/drupal.js | 73 71 + 2 - 0 !
modules/file/tests/file.test | 12 12 + 0 - 0 !
modules/profile/profile.test | 14 12 + 2 - 0 !
modules/simpletest/drupal_web_test_case.php | 1 1 + 0 - 0 !
modules/simpletest/tests/database_test.test | 39 38 + 1 - 0 !
modules/system/system.module | 2 1 + 1 - 0 !
12 files changed, 300 insertions(+), 30 deletions(-)

 fixes sa-core-2015-003 (missing ajax cleanup that can
 lead to cross-site scripting, access bypass, SQL injection, open
 redirect).
 .

includes/common.inc | 37 19 + 18 - 0 !
includes/path.inc | 3 2 + 1 - 0 !
includes/xmlrpcs.inc | 8 8 + 0 - 0 !
modules/file/file.module | 26 24 + 2 - 0 !
modules/file/tests/file.test | 138 138 + 0 - 0 !
modules/simpletest/tests/common.test | 68 68 + 0 - 0 !
modules/simpletest/tests/common_test.module | 9 9 + 0 - 0 !
modules/simpletest/tests/xmlrpc.test | 34 34 + 0 - 0 !
modules/system/system.admin.inc | 8 7 + 1 - 0 !
modules/system/system.js | 2 1 + 1 - 0 !
modules/system/system.test | 16 16 + 0 - 0 !
modules/user/user.module | 16 11 + 5 - 0 !
12 files changed, 337 insertions(+), 28 deletions(-)

---