Your message dated Sun, 25 Feb 2018 15:02:09 +0000
with message-id <e1epxox-00048z...@fasolo.debian.org>
and subject line Bug#891152: fixed in drupal7 7.52-2+deb9u2
has caused the Debian Bug report #891152,
regarding drupal7: CVE-2017-6928: SA-CORE-2018-001: Private file access bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at

https://www.drupal.org/sa-core-2018-001

where several issues affect drupal7 as well.

 * JavaScript cross-site scripting prevention is incomplete - Critical -
   Drupal 7 and Drupal 8
 * Private file access bypass - Moderately Critical - Drupal 7
 * jQuery vulnerability with untrusted domains - Moderately Critical
   - Drupal 7
 * External link injection on 404 pages when linking to the current page
   - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: drupal7
Source-Version: 7.52-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Jun 2017 11:56:08 -0500
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.52-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Gunnar Wolf <gw...@debian.org>
Changed-By: Gunnar Wolf <gw...@debian.org>
Description:
 drupal7    - fully-featured content management framework
Closes: 891150 891152 891153 891154
Changes:
 drupal7 (7.52-2+deb9u2) stretch-security; urgency=high
 .
   * Added missing DEP5 header to SA-CORE-2017-003 patch
   * Uncruft: Remove an unused .dpatch file still from the drupal6 era(!)
   * Fixes multiple security vulnerabilities, grouped under Drupal's
     SA-CORE-2018-001 (CVEs yet unassigned):
     - External link injection on 404 pages when linking to the current
       page (Closes: #891154)
     - jQuery vulnerability with untrusted domains (Closes: #891153)
     - Private file access bypass (Closes: #891152)
     - JavaScript cross-site scripting prevention is incomplete (Closes:
       #891150)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
