[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] drupal7 DSA
Moritz Muehlenhoff
jmm at debian.org
Sat Feb 24 11:46:35 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e984cc38 by Moritz Muehlenhoff at 2018-02-24T12:46:08+01:00
drupal7 DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -306,15 +306,23 @@ CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandle
NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
- drupal7 7.57-1 (bug #891154)
+ [stretch] - drupal7 7.52-2+deb9u2
+ [jessie] - drupal7 7.32-1+deb8u10
NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-XXXX [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
- drupal7 7.57-1 (bug #891153)
+ [stretch] - drupal7 7.52-2+deb9u2
+ [jessie] - drupal7 7.32-1+deb8u10
NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-XXXX [SA-CORE-2018-001: Private file access bypass]
- drupal7 7.57-1 (bug #891152)
+ [stretch] - drupal7 7.52-2+deb9u2
+ [jessie] - drupal7 7.32-1+deb8u10
NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-XXXX [SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete]
- drupal7 7.57-1 (bug #891150)
+ [stretch] - drupal7 7.52-2+deb9u2
+ [jessie] - drupal7 7.32-1+deb8u10
NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-7338
RESERVED
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[24 Feb 2018] DSA-4123-1 drupal7 - security update
+ [jessie] - drupal7 7.32-1+deb8u10
+ [stretch] - drupal7 7.52-2+deb9u2
[23 Feb 2018] DSA-4122-1 squid3 - security update
{CVE-2018-1000024 CVE-2018-1000027}
[jessie] - squid3 3.4.8-6+deb8u5
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,8 +18,6 @@ asterisk/stable
--
chromium-browser/stable
--
-drupal7
---
ffmpeg/stable
Wait for next 3.2.x release
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e984cc38075b7608b405dc601a24761d0f34fd86
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e984cc38075b7608b405dc601a24761d0f34fd86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180224/0fb4bfd0/attachment-0001.html>
More information about the Secure-testing-commits
mailing list