CVE-2015-3231 Information

Description

The Render cache system in Drupal 7.x before 7.38 when used to cache content by user role allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html http://www.debian.org/security/2015/dsa-3291 http://www.securityfocus.com/bid/75286 https://www.drupal.org/SA-CORE-2015-002