Bug#891150: drupal7: SA-CORE-2018-001: Several vulnerabilities
Salvatore Bonaccorso wrote [Thu, Feb 22, 2018 at 08:46:30PM +0100]:
> There was a new Drupal security advisory at
>
> https://www.drupal.org/sa-core-2018-001
>
> where several issues affect as well drupal7.
>
> * JavaScript cross-site scripting prevention is incomplete - Critical -
>   Drupal 7 and Drupal 8
> * Private file access bypass - Moderately Critical - Drupal 7
> * jQuery vulnerability with untrusted domains - Moderately Critical
>   - Drupal 7
> * External link injection on 404 pages when linking to the current page
>   - Less Critical - Drupal 7

I intend to work on this tomorrow; have been quite time-constrained, so any help will be welcome. But I intend to upload a new version for, at least, unstable and stable-security tomorrow afternoonish (@mex).

Thanks for the heads-up.

Bug#891150: drupal7: SA-CORE-2018-001: Several vulnerabilities
Control: clone -1 -2 -3 -4
Control: retitle -1 drupal7: SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete
Control: retitle -2 drupal7: SA-CORE-2018-001: Private file access bypass
Control: retitle -3 drupal7: SA-CORE-2018-001: jQuery vulnerability with untrusted domains
Control: retitle -4 drupal7: SA-CORE-2018-001: External link injection on 404 pages when linking to the current page

Hi

On Thu, Feb 22, 2018 at 08:46:30PM +0100, Salvatore Bonaccorso wrote:
> Source: drupal7
> Version: 7.56-1
> Severity: grave
> Tags: security upstream
>
> Hi
>
> There was a new Drupal security advisory at
>
> https://www.drupal.org/sa-core-2018-001
>
> where several issues affect as well drupal7.
>
> * JavaScript cross-site scripting prevention is incomplete - Critical -
>   Drupal 7 and Drupal 8
> * Private file access bypass - Moderately Critical - Drupal 7
> * jQuery vulnerability with untrusted domains - Moderately Critical
>   - Drupal 7
> * External link injection on 404 pages when linking to the current page
>   - Less Critical - Drupal 7

Let's split this up actually in the individual issues affecting Drupal 7 since there are no CVE yet available to identify the issues.

Regards,
Salvatore

Bug#891150: drupal7: SA-CORE-2018-001: Several vulnerabilities
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at

https://www.drupal.org/sa-core-2018-001

where several issues affect as well drupal7.

* JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8
* Private file access bypass - Moderately Critical - Drupal 7
* jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7
* External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian).

Regards,
Salvatore