Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream


There was a new Drupal security advisory at

where several issues affect as well drupal7.

 * JavaScript cross-site scripting prevention is incomplete - Critical -
   Drupal 7 and Drupal 8
 * Private file access bypass - Moderately Critical - Drupal 7
 * jQuery vulnerability with untrusted domains - Moderately Critical
   - Drupal 7
 * External link injection on 404 pages when linking to the current page
   - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).


Reply via email to