includes/common.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable reporting to system log every cron run

modules/update/update.compare.inc | 2 2 + 0 - 0 !
modules/update/update.install | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 1 deletion(-)

 removes update warning for drupal core version
 This patch removes new version checking for drupal core. Security updates
 are provided by Debian using patches against currently frozen version (7.14).

includes/password.inc | 6 5 + 1 - 0 !
includes/session.inc | 2 1 + 1 - 0 !
modules/simpletest/tests/password.test | 21 21 + 0 - 0 !
3 files changed, 27 insertions(+), 2 deletions(-)

 fixes sa-core-2014-006 (session hijacking, denial of service)

includes/bootstrap.inc | 19 10 + 9 - 0 !
1 file changed, 10 insertions(+), 9 deletions(-)

 fixes drupal issue #667098
 Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap
 when called early in the page request.
 .
 Backported from 7.33.

includes/unicode.inc | 14 9 + 5 - 0 !
1 file changed, 9 insertions(+), 5 deletions(-)

 fixes drupal issue #2332295
 Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
 .
 Backported from 7.33.

includes/database/select.inc | 5 4 + 1 - 0 !
includes/tablesort.inc | 7 3 + 4 - 0 !
modules/simpletest/tests/database_test.test | 9 9 + 0 - 0 !
3 files changed, 16 insertions(+), 5 deletions(-)

 fixes drupal issue #829464
 Security improvement: Made the database API's orderBy() method sanitize the
 sort direction ("ASC" or "DESC") for queries built with db_select(), so that
 calling code does not have to.
 .
 Backported from 7.33.

modules/system/system.base-rtl.css | 4 2 + 2 - 0 !
modules/system/system.base.css | 9 5 + 4 - 0 !
themes/bartik/css/style-rtl.css | 4 2 + 2 - 0 !
themes/bartik/css/style.css | 8 0 + 8 - 0 !
themes/seven/style.css | 7 1 + 6 - 0 !
5 files changed, 10 insertions(+), 22 deletions(-)

 fixes alignment issue in the ajax progress throbber
 Fixed a bug which caused the Ajax progress throbber to appear misaligned in
 many situatons (minor styling change).
 .
 Fixes Drupal issue #1069152
 .
 Backported from 7.33.

modules/field/field.module | 9 6 + 3 - 0 !
modules/field/tests/field.test | 60 60 + 0 - 0 !
2 files changed, 66 insertions(+), 3 deletions(-)

 avoid data loss on entities with revisions due to wrong return code
 Fixed a bug in which field_has_data() did not return TRUE for fields that
 only had data in older entity revisions, leading to loss of the field's data
 when the field configuration was edited.
 .
 Fixes Drupal issue #2278583
 .
 Backported from 7.33.

modules/user/user.module | 5 5 + 0 - 0 !
modules/user/user.test | 11 11 + 0 - 0 !
2 files changed, 16 insertions(+)

 avoid losing user pictures when re-saving
 Fixed a bug which caused user pictures to be removed from the user object
 after saving, and resulted in data loss if the user account was subsequently
 re-saved.
 .
 Fixes Drupal issue #935592
 .
 Backported from 7.33.

includes/bootstrap.inc | 20 20 + 0 - 0 !
includes/common.inc | 46 34 + 12 - 0 !
modules/simpletest/tests/bootstrap.test | 82 82 + 0 - 0 !
modules/simpletest/tests/common.test | 20 20 + 0 - 0 !
modules/simpletest/tests/system_test.module | 38 38 + 0 - 0 !
modules/statistics/statistics.test | 2 1 + 1 - 0 !
modules/system/system.test | 43 43 + 0 - 0 !
modules/user/user.module | 29 25 + 4 - 0 !
modules/user/user.pages.inc | 4 2 + 2 - 0 !
modules/user/user.test | 84 76 + 8 - 0 !
10 files changed, 341 insertions(+), 27 deletions(-)

 fixes sa-core-2015-001 (access bypass on password reseturls; open redirect)