Source: drupal7 Version: 7.56-1 Severity: grave Tags: security upstream Hi
There was a new Drupal security advisory at https://www.drupal.org/sa-core-2018-001 where several issues affect as well drupal7. * JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8 * Private file access bypass - Moderately Critical - Drupal 7 * jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7 * External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7 and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian). Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
