-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2466-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 27, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : drupal7 Version : 7.52-2+deb9u13 CVE ID : CVE-2020-28948 CVE-2020-28949 Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives. For Debian 9 stretch, these problems have been fixed in version 7.52-2+deb9u13. We recommend that you upgrade your drupal7 packages. For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl/AzbYACgkQnUbEiOQ2 gwJvYw/+P84Qttlwidj2uSbKE4TBkuC65jkURt+xooUquyXjFFrlPd0MrY8Wd/5A euNYHfUGNf3eKs9zqsYHJrpEU4YgQbFCrFs2+wMIr+2q46HWBSozI3TvKCy31T33 VzkEBOWbmBQcXD0HXOdLeqSKvPs7zP8KLw6/q6NfPqEtTdbKsbvV8dGnYckoyzSx JTj9cSt2gvLR2tevAv9wsejmZjZ3Fj1/licE0aobB9sX65lH/aaL+kJnO0nN307N uJ2oot7A28EePk1Shmv08vG3660kiVx3inmBoFk4eZRfEmrym+lc0gg5PnFCYHwv CgL/p5WpymzoRZrOMbseWhyFJR3DDiIrgjTnzj8JnEkKRFb0JXLSlySpEHuUG0+4 cYSbwybC+2s04i4LM0Wwqgyvnr6x4kTIl+BY6+Kv6i5YHU8NZMwCQlZ1iXfUIyVD 0/BrAUfAiFSLFWotstBk8lzC/V6Uxsr0xhIzHU7L7SL27UgU1QY9u6aJrfa50zWI EIloDYHbbbuRlaUTQRXznFHa26o9Otx9xsa2r2kazRcLF04d40uCEUbCYeHquZ94 AYAf1gsNq0XojUT2BBwcvaQVHwMlLYj4B0AjMGlhHYWpz5MctPmb8UGGB3UFJ5vs qYwQPaON0vc5zZo4dKM2ww/wuP26ylyuIHYAhr8yVG6qvtUZSfg= =FYjF -----END PGP SIGNATURE-----