Drupal7, in Jessie has 3 security issues:
CVE-2020-11022 / CVE-2020-11023 / SA-CORE-2020-002
Vulnerabilities in jquery library.
The Debian drupal7 package comes with jquery 1.4.4
(debian/missing-sources/jquery-1.4.4.js).
7.27+dfsg-1 the maintainer attempted to use the libjs-jquery
package
Brian May writes:
> I sent a email to Moritz Muehlenhoff, asking why is changed it to
> unsupported, but not got a response yet.
Response was that upstream support has ended the old version unbound,
and it was deemed to risky too backport changes from supported versions
to the old version.
--