– Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
– Official security advisory: https://www.drupal.org/SA-CORE-2015-001

Resolved Bugs
1197084 – CVE-2015-0296 texlive: texlive rpm scriptlet allows unprivileged user to delete arbitrary files [fedora-all]
1197082 – CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files<br
CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files. This update fixes this issue

Resolved Bugs
1199103 – CVE-2015-0252 xerces-c: crashes on malformed input
1204019 – CVE-2015-0252 mingw-xerces-c: xerces-c: crashes on malformed input [fedora-all]<br
Security fix for CVE-2015-0252.

Resolved Bugs
1196738 – CVE-2015-0292 CVE-2015-0209 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 openssl: various flaws [fedora-all]
1196737 – CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202366 – CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1202380 – CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 – CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202395 – CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 – CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1202418 – CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference<br
Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288

– Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
– Official security advisory: https://www.drupal.org/SA-CORE-2015-001

Resolved Bugs
1203480 – drupal7-ctools-1.7 is available<br
Update to upstream 1.7 release for security fixes

Resolved Bugs
1196738 – CVE-2015-0292 CVE-2015-0209 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 openssl: various flaws [fedora-all]
1196737 – CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202366 – CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1202380 – CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 – CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202418 – CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference
1202395 – CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 – CVE-2015-0293 openssl: assertion failure in SSLv2 servers<br
Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288

Resolved Bugs
1196738 – CVE-2015-0292 CVE-2015-0209 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 openssl: various flaws [fedora-all]
1202366 – CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1202384 – CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202404 – CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1196737 – CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202380 – CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202395 – CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202418 – CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference<br
Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288

Resolved Bugs
1199103 – CVE-2015-0252 xerces-c: crashes on malformed input
1204018 – CVE-2015-0252 xerces-c: crashes on malformed input [fedora-all]<br
Security fix for CVE-2015-0252.

Resolved Bugs
1203480 – drupal7-ctools-1.7 is available<br
Update to upstream 1.7 release for security fixes