Bug#891153: marked as done (drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains)

2018-03-10 Thread Debian Bug Tracking System
Your message dated Sat, 10 Mar 2018 23:18:04 +
with message-id 
and subject line Bug#891153: fixed in drupal7 7.32-1+deb8u10
has caused the Debian Bug report #891153,
regarding drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891153
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at

https://www.drupal.org/sa-core-2018-001

where several issues also affect drupal7.

 * JavaScript cross-site scripting prevention is incomplete - Critical -
   Drupal 7 and Drupal 8
 * Private file access bypass - Moderately Critical - Drupal 7
 * jQuery vulnerability with untrusted domains - Moderately Critical
   - Drupal 7
 * External link injection on 404 pages when linking to the current page
   - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: drupal7
Source-Version: 7.32-1+deb8u10

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf  (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 24 Feb 2018 01:06:57 -0600
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.32-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano 
Changed-By: Gunnar Wolf 
Description:
 drupal7 - fully-featured content management framework
Closes: 891150 891152 891153 891154
Changes:
 drupal7 (7.32-1+deb8u10) jessie-security; urgency=high
 .
   * Fixes multiple security vulnerabilities, grouped under Drupal's
     SA-CORE-2018-001 (CVEs yet unassigned):
     - External link injection on 404 pages when linking to the current
       page (Closes: #891154)
     - jQuery vulnerability with untrusted domains (Closes: #891153)
     - Private file access bypass (Closes: #891152)
     - JavaScript cross-site scripting prevention is incomplete (Closes:
       #891150)

Bug#891153: marked as done (drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains)

2018-02-25 Thread Debian Bug Tracking System
Your message dated Sun, 25 Feb 2018 15:02:09 +
with message-id 
and subject line Bug#891153: fixed in drupal7 7.52-2+deb9u2
has caused the Debian Bug report #891153,
regarding drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
891153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891153
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at

https://www.drupal.org/sa-core-2018-001

where several issues also affect drupal7.

 * JavaScript cross-site scripting prevention is incomplete - Critical -
   Drupal 7 and Drupal 8
 * Private file access bypass - Moderately Critical - Drupal 7
 * jQuery vulnerability with untrusted domains - Moderately Critical
   - Drupal 7
 * External link injection on 404 pages when linking to the current page
   - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: drupal7
Source-Version: 7.52-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf  (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Jun 2017 11:56:08 -0500
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.52-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Gunnar Wolf 
Changed-By: Gunnar Wolf 
Description:
 drupal7 - fully-featured content management framework
Closes: 891150 891152 891153 891154
Changes:
 drupal7 (7.52-2+deb9u2) stretch-security; urgency=high
 .
   * Added missing DEP5 header to SA-CORE-2017-003 patch
   * Uncruft: Remove an unused .dpatch file still from the drupal6 era(!)
   * Fixes multiple security vulnerabilities, grouped under Drupal's
     SA-CORE-2018-001 (CVEs yet unassigned):
     - External link injection on 404 pages when linking to the current
       page (Closes: #891154)
     - jQuery vulnerability with untrusted domains (Closes: #891153)
     - Private file access bypass (Closes: #891152)
     - JavaScript cross-site scripting prevention is incomplete (Closes:
       #891150)