Your message dated Sat, 10 Mar 2018 23:18:04 +0000 with message-id <e1eunka-000gwh...@fasolo.debian.org> and subject line Bug#891152: fixed in drupal7 7.32-1+deb8u10 has caused the Debian Bug report #891152, regarding drupal7: CVE-2017-6928: SA-CORE-2018-001: Private file access bypass to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891152 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: drupal7 Version: 7.56-1 Severity: grave Tags: security upstream Hi There was a new Drupal security advisory at https://www.drupal.org/sa-core-2018-001 where several issues affect as well drupal7. * JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8 * Private file access bypass - Moderately Critical - Drupal 7 * jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7 * External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7 and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian). Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: drupal7 Source-Version: 7.32-1+deb8u10 We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 24 Feb 2018 01:06:57 -0600 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.32-1+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Gunnar Wolf <gw...@debian.org> Description: drupal7 - fully-featured content management framework Closes: 891150 891152 891153 891154 Changes: drupal7 (7.32-1+deb8u10) jessie-security; urgency=high . * Fixes multiple security vulnerabilities, grouped under Drupal's SA-CORE-2018-001 (CVEs yet unassigned): - External link injection on 404 pages when linking to the current page (Closes: #891154) - jQuery vulnerability with untrusted domains (Closes: #891153) - Private file access bypass (Closes: #891152) - JavaScript cross-site scripting prevention is incomplete (Closes: #891150) Checksums-Sha1: eae0fea90d6e695a2977d074d653d3b2e3afa0f2 1915 drupal7_7.32-1+deb8u10.dsc 07205490873a9e2ee71015105242471f22f04e03 203464 drupal7_7.32-1+deb8u10.debian.tar.xz bb81220b8a9dd183d900174cdce3f1e95b7bb85b 2470428 drupal7_7.32-1+deb8u10_all.deb 6f616bdcca1e94d0ce9281b76d9f1695724d7c28 8581 drupal7_7.32-1+deb8u10_amd64.buildinfo Checksums-Sha256: 63f2e73915750d0459987c1180ffd64be12140cb33c6d4de4512c51e8b362d7f 1915 drupal7_7.32-1+deb8u10.dsc 64e6a3f0bdb5b712e6baef113e07821b68149db948cb0351b269ad62602f78e7 203464 drupal7_7.32-1+deb8u10.debian.tar.xz 01b22847c274954ab80d6641449feac10c4084ec2747aa1b1046a6eb39160df9 2470428 drupal7_7.32-1+deb8u10_all.deb d1f1e59aeadce1b3dbd37da206fb3eaf23daff51f3174b7a6eb76bc09b81a2fb 8581 drupal7_7.32-1+deb8u10_amd64.buildinfo Files: c415847e5d547e0b30d6867b3dc5e03e 1915 web extra drupal7_7.32-1+deb8u10.dsc 6b546c8dde289dbde9cf33f0c0719a42 203464 web extra drupal7_7.32-1+deb8u10.debian.tar.xz 975ab41fb6df1a6430e4c5ba38f24f2e 2470428 web extra drupal7_7.32-1+deb8u10_all.deb 0fd5847b9b75374d2458d642612495cb 8581 web extra drupal7_7.32-1+deb8u10_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEq0HBxor9ZoygRev4ZzoD5MHbkh8FAlqRENwACgkQZzoD5MHb kh9mVxAApeLeACgYPmOWhmY28M2gGx4+slvlI5ZxBYiIJflX2ksOd9aIRP52GhrJ n7E5lVsfeOyoKSlH5YfIKGAfBePCNZRep8YyErUbvmwvDd5276fHBdg60/0EEj/S TwIu7saxlCsFq7tw8w6ftl2sMMb5W/KtEDAxeCGeUmlArk2Hh9SgX0+x+pmudRXv HD86fFFoHmlkLYJLFeu4LouoZvriAW5arp1Ysg0oO3QMgkczA7c8KYMk074enaMQ vmldEjql5MrwZ9PwTOIfWnTqaYK25tO3qTEn6iPNiH/+RKkYKbtBdfYcrXN9Db1L c5SI7DbsNAgPR2dL3NrDbEgID1e6zCekloLKNnki8Xp11/ZZj6KE3qRzgaXCjinM NHfS+yF2EQuoaE+PqakItvfSbgWeODg1A5yr0p7vjHnkpkpqsIJ+zHmhUA7wgcWi +cN/yl8d1fT2iZU3lp4XfwSDRsC406RaFeWbjB4LgOJtf4ogku1RxPtYhts9GGwS kepKza6hpWQ0hgyyjbA7tC67pcF4FQ/WhZQMojpjzYZZZza0CUDloNvfU//Tdpsb 7QG7jckJgN+X0DforTyQUv5JeupGrqaTBS5Q6p84Qvo73O+a/Pa9czjZPXdnTan9 jES5FgA++A++Vg5NGtL9WVpKdUaOvE1ivK1dR68Q664xtveydxk= =GrLL -----END PGP SIGNATURE-----
--- End Message ---
