From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3897-1
[email protected] https://www.debian.org/security/ Salvatore Bonaccorso
June 24, 2017
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : drupal7
CVE ID : CVE-2015-7943 CVE-2017-6922
Debian Bug : 865498
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-7943
Samuel Mortenson and Pere Orga discovered that the overlay module
does not sufficiently validate URLs prior to displaying their
contents, leading to an open redirect vulnerability.
More information can be found at
https://www.drupal.org/SA-CORE-2015-004
CVE-2017-6922
Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files
uploaded by anonymous users into a private file system can be
accessed by other anonymous users leading to an access bypass
vulnerability.
More information can be found at
https://www.drupal.org/SA-CORE-2017-003
For the oldstable distribution (jessie), these problems have been fixed
in version 7.32-1+deb8u9.
For the stable distribution (stretch), these problems have been fixed in version 7.52-2+deb9u1. For the stable distribution (stretch),
CVE-2015-7943 was already fixed before the initial release.
We recommend that you upgrade your drupal7 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllN9+FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RsPw/+OI+sKb7Tug9hTpQSFiBNVkBqUCd3pvBofmVvu+peF/YTIL6iY/b9Gi5o Q86Jzj9Fnnv8rRVgVDuWWsUMi+hOcu8DzUEiEFB181rsU52xJX+CI5jvgjTRqr3R JFC8iGEELc09bUccmfBzujYx7XvUkUrodhjxhdphfi2cLIs9l10RYZGQZMpKTG8A MzC60GUCCWLbn20pvS2FgLPQSbMatS6kfT76xU7v2zpI78UDhuefqD9cFCqMNpA8 7sYyqIp+cLSS4abzfQFPjzbxqrsRlRwyS5WRIbFwxGefBJWDigDEOgwmAvjiHC17 lv6j7dgzdzJaGmsVdGjiKnG8GXMly5Jk7zA+c52LEkm9d5HsYX6mXwF6XLJypQT3 jDBpmBzyuZvBs8fZNNOv2Ym5X81BSDRx4LvFGMrkfrucZ6GEIHtxs4gPN4n/nfy8 +yhWG7tPqhnQQTyEV1aSBK5h0YwEpCkxRNEB4C8MjA69E8AhzEgu8bdiiKnGSjWP lZzkOs1gFgM+J5CR1RdxNWRvuR3Evf3H7QH5aanYAGBlCwG08NoN0DHgmK1NaScK kCD7wOWqe1eZxpjpP9KpZrloOBr1rLl5IDEUffDakNfzXnrFyNEnBth7sCvUimfR ash56i1MHn7n39RflEqZ1cctr/Wf4fnsBcTbVNRTKLSL+GG1hAs=
=qpVD
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)