Your message dated Fri, 23 Feb 2018 20:51:25 +0000 with message-id <e1epkjr-0005de...@fasolo.debian.org> and subject line Bug#891153: fixed in drupal7 7.57-1 has caused the Debian Bug report #891153, regarding drupal7: SA-CORE-2018-001: jQuery vulnerability with untrusted domains to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891153 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: drupal7 Version: 7.56-1 Severity: grave Tags: security upstream Hi There was a new Drupal security advisory at https://www.drupal.org/sa-core-2018-001 where several issues affect as well drupal7. * JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8 * Private file access bypass - Moderately Critical - Drupal 7 * jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7 * External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7 and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian). Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: drupal7 Source-Version: 7.57-1 We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 23 Feb 2018 13:37:09 -0600 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.57-1 Distribution: unstable Urgency: high Maintainer: Gunnar Wolf <gw...@debian.org> Changed-By: Gunnar Wolf <gw...@debian.org> Description: drupal7 - fully-featured content management framework Closes: 891150 891152 891153 891154 Changes: drupal7 (7.57-1) unstable; urgency=high . * New upstream release * Fixes multiple security vulnerabilities, grouped under Drupal's SA-CORE-2018-001 (CVEs yet unassigned): - External link injection on 404 pages when linking to the current page (Closes: #891154) - jQuery vulnerability with untrusted domains (Closes: #891153) - Private file access bypass (Closes: #891152) - JavaScript cross-site scripting prevention is incomplete (Closes: #891150) * Uncruft: Remove an unused .dpatch file still from the drupal6 era(!) * Bump up standards-version to current policy (4.1.3.0) - Move from Priority: extra to Priority: optional Checksums-Sha1: 0bcd900daffff299b17059356c94278916987249 1881 drupal7_7.57-1.dsc 0e11212a07c87f10706b80cbf19db18925791a49 3279405 drupal7_7.57.orig.tar.gz da525361ab1e539ae1b0f11d7ed0e8ff278f2005 187672 drupal7_7.57-1.debian.tar.xz 88353ce704092b8b55a227c5365c387d50420060 2522040 drupal7_7.57-1_all.deb 17e1e0943c4247ee3fc3f422bb500cff31e990ff 8525 drupal7_7.57-1_amd64.buildinfo Checksums-Sha256: d20e95ef2b4ee9acc371a800c354092f07ea00939316eab5f53efc9166a18a9d 1881 drupal7_7.57-1.dsc c3bc1173d7830941fa9ee6061d555fec334bd6834d2fc5c870f3aef1fbf667e2 3279405 drupal7_7.57.orig.tar.gz 165bd1bccc78ce131637338f4581d9c61c0c612a8f72282904d3af3026681f0a 187672 drupal7_7.57-1.debian.tar.xz abcc665c3f312adde572a778ecbabfc3f265673fd9b1c2bd068b7c708a7f74a6 2522040 drupal7_7.57-1_all.deb 38b8552844f54d86daec47fa59360b0e25375eaca175cb3060ecf9472537c192 8525 drupal7_7.57-1_amd64.buildinfo Files: b03b351c50f06d6765b5d54f03dd290c 1881 web optional drupal7_7.57-1.dsc 44dec95a0ef56c4786785f575ac59a60 3279405 web optional drupal7_7.57.orig.tar.gz 959a8236637c8a36b1536f1985e45c7d 187672 web optional drupal7_7.57-1.debian.tar.xz 33278b3d6a14a99b4b226d7e48739477 2522040 web optional drupal7_7.57-1_all.deb 6651b3ca66fc3dff98bd670a0c1ae75e 8525 web optional drupal7_7.57-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEq0HBxor9ZoygRev4ZzoD5MHbkh8FAlqQcHUACgkQZzoD5MHb kh/rAw/449Axo2wmdaWZEvZemUcmNRlQSt3pfsTxARHGIio49NmzeidKpbnl9cMu I2sqNDegKgKL5WF+oL+5hkDqstnT8ko9Pfw+eR/RPU9pqkbamnItToGaQvNvCFth vHpG4wnYdN/PEa6YoUbqfVlGlXcqRRuO6PE1a86CbK5KBSZEsFVBZwsDhDsI+6hr V6uWC2FAmKVXxhZuTvCE1s3tHPOhKkFg2VellXnuMg5WGEOy3fh8ACdGZo3l2L7X NjDBrB3m0cIcmipgRaTMeaP/VEN+FWSW4dMsnNUT04zeh0KKxX/8+CO/Z6PaE6Jw bmRf6IItL+WPj6wH2KHZ4EMGjYTstPN/guYhRFaKClJYw7uGBc0RCHcjX8Sg/GKu LDbKroNPxBDbJiH4fuFlRXpJxnaFstBO2oOELYLiDXQaeYuotGUktU4zJFRtOIrp dbV/PyNL562pKV7KrG0hOipA6hiAUMYggJ4+kA/Y3Nibhv7JeCSA8HjlqOH2MOK+ pINFXN7vGoWGx+39l27a/z7IbIc12jSgZB6vHn6I8l2sU2eXBr1x+me4EuGgijwY Jj1yLgIdScbq/3o2Zt95FN6LRsp5n1+jT0On0EWLdzZcYzhmxKkr4wfUMQIkh/n7 bL49b70Q2Jy4i0dhcHz/RWAUQWOIVrVaj/6zEgP07cJrxS1sOA== =p3By -----END PGP SIGNATURE-----
--- End Message ---
