Tags: security upstream
There was a new Drupal security advisory at
where several issues affect as well drupal7.
Drupal 7 and Drupal 8
* Private file access bypass - Moderately Critical - Drupal 7
* jQuery vulnerability with untrusted domains - Moderately Critical
- Drupal 7
* External link injection on 404 pages when linking to the current page
- Less Critical - Drupal 7
and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).
Secure-testing-team mailing list