lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1hHoi5-00074P-VV@seger.debian.org>
Date: Sat, 20 Apr 2019 12:03:09 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4434-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4434-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 20, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2019-11358
Debian Bug     : 927330

A cross-site scripting vulnerability has been found in Drupal, a
fully-featured content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.org/sa-core-2019-006 .

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u8.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAly7ChVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SoqQ//TW58OzhPH29Yy+fy+KWpbMgv3xkJETntbRXcfoKf26G7szVHpMz6ymqp
Vw1VRKdxkI3TYgr5ytQKGrrRsq7NWVruLfRLN4I31NDVlG+OiBi67FTHzCGs+cT8
wx5ZFB4wahaqEa23CVoWn2hMl50FgR/stiJISja1gJAv9YaAjGCgwaJppw4F7xlu
uZcP0Pk+shFtPl3T4hmeuXiKGHPYSHt7rrM9QxkWitOnC3FmDB8EuXnBEOyc9nEz
Z/HJTBSjaVaPBq6DZUKJ/WUhcfowr/a7hAtoJlQt4DdzeKP56ZsZ97Pu/4EXAvMa
Xk5926rkWzuCy4mmu5KzoAjCBJQbJcJf9xgUUn/mEszfShXVX5HGWopm2agg+vzD
4jSMdrB1r4qiN2CYOWf06B59VYLdY65dIL56BKW3b/fjTtdgwYubw7U5/wXXDr9M
GncVJeo2peqFwaB/gkxO05QR78RzqssH4HECNdWjk39YJ/ZZVMsA3VSQjZR0hiol
wtSTOhalaaUW3yOLN+7dFRcxIQaVamSiSWdWrloUhI/r/NDS4tTBHznkObAMuufB
zDAnSESDLZWCy7BKwdDuRhRFcmyxPni03S5qSBKMprJHlRKb0IIc8GVXfP61Sk00
84O+zxgcl/NAQkEDMdaWZN9KApqDag2+O8T8UpElULrXgo4ny40=
=1kwh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists