[Secure-testing-team] Bug#891150: drupal7: SA-CORE-2018-001: Several vulnerabilities
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 22 19:46:30 UTC 2018
Source: drupal7
Version: 7.56-1
Severity: grave
Tags: security upstream
Hi
There was a new Drupal security advisory at
https://www.drupal.org/sa-core-2018-001
where several issues affect drupal7 as well.
* JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8
* Private file access bypass - Moderately Critical - Drupal 7
* jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7
* External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7
and fixed with 7.57 (others are affecting only Drupal 8, which is not
going to be packaged in Debian).
Regards,
Salvatore