Bug#891153: marked as done (drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains)
Your message dated Sat, 10 Mar 2018 23:18:04 +
with message-id
and subject line Bug#891153: fixed in drupal7 7.32-1+deb8u10
has caused the Debian Bug report #891153,
regarding drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
891153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891153
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at https://www.drupal.org/sa-core-2018-001 where several issues affect as well drupal7.

* JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8
* Private file access bypass - Moderately Critical - Drupal 7
* jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7
* External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian).

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: drupal7
Source-Version: 7.32-1+deb8u10

We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gunnar Wolf (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 24 Feb 2018 01:06:57 -0600
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.32-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano
Changed-By: Gunnar Wolf
Description:
 drupal7 - fully-featured content management framework
Closes: 891150 891152 891153 891154
Changes:
 drupal7 (7.32-1+deb8u10) jessie-security; urgency=high
 .
   * Fixes multiple security vulnerabilities, grouped under Drupal's
     SA-CORE-2018-001 (CVEs yet unassigned):
     - External link injection on 404 pages when linking to the current
       page (Closes: #891154)
     - jQuery vulnerability with untrusted domains (Closes: #891153)
     - Private file access bypass (Closes: #891152)
     - JavaScript cross-site scripting prevention is incomplete
       (Closes: #891150)

Bug#891153: marked as done (drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains)
Your message dated Sun, 25 Feb 2018 15:02:09 +
with message-id
and subject line Bug#891153: fixed in drupal7 7.52-2+deb9u2
has caused the Debian Bug report #891153,
regarding drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
891153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891153
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream

Hi

There was a new Drupal security advisory at https://www.drupal.org/sa-core-2018-001 where several issues affect as well drupal7.

* JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8
* Private file access bypass - Moderately Critical - Drupal 7
* jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7
* External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7

and fixed with 7.57 (others are affecting only Drupal 8, which is not going to be packaged in Debian).

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: drupal7
Source-Version: 7.52-2+deb9u2

We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gunnar Wolf (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 22 Jun 2017 11:56:08 -0500
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.52-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Gunnar Wolf
Changed-By: Gunnar Wolf
Description:
 drupal7 - fully-featured content management framework
Closes: 891150 891152 891153 891154
Changes:
 drupal7 (7.52-2+deb9u2) stretch-security; urgency=high
 .
   * Added missing DEP5 header to SA-CORE-2017-003 patch
   * Uncruft: Remove an unused .dpatch file still from the drupal6 era(!)
   * Fixes multiple security vulnerabilities, grouped under Drupal's
     SA-CORE-2018-001 (CVEs yet unassigned):
     - External link injection on 404 pages when linking to the current
       page (Closes: #891154)
     - jQuery vulnerability with untrusted domains (Closes: #891153)
     - Private file access bypass (Closes: #891152)
     - JavaScript cross-site scripting prevention is incomplete
       (Closes: #891150)