Bug 675690 (CVE-2019-6338, CVE-2019-6339) - <www-apps/drupal-{7.63,8.6.7}: Multiple vulnerabilities (CVE-2019-{6338,6339})
Summary: <www-apps/drupal-{7.63,8.6.7}: Multiple vulnerabilities (CVE-2019-{6338,6339})
Status: RESOLVED FIXED
Alias: CVE-2019-6338, CVE-2019-6339
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.drupal.org/project/drupal...
Whiteboard: ~1 [noglsa cve]
Reported: 2019-01-17 15:22 UTC by Tupone Alfredo
Modified: 2020-04-17 03:27 UTC

Description Tupone Alfredo gentoo-dev 2019-01-17 15:22:06 UTC
7.63 has this:
This is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.

7.62 has this:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

    Drupal Core - Third-party libraries - SA-CORE-2019-001
    Drupal Core - Arbitrary PHP code execution - SA-CORE-2019-002

We have 7.61 on the tree
Comment 1 Larry the Git Cow gentoo-dev 2019-01-18 20:09:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=2268fffa5f7923bcb52279c20c83de76322b4513

commit 2268fffa5f7923bcb52279c20c83de76322b4513
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-01-18 20:05:54 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-01-18 20:05:54 +0000

    www-apps/drupal: Security bump to releases 7.63 and 8.6.7.
    
    These releases address SA-CORE-2019-001 and SA-CORE-2019-002.
    Bug: http://bugs.gentoo.org/675690
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest            |  2 +
 www-apps/drupal/drupal-7.63.ebuild  | 74 ++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.6.7.ebuild | 84 +++++++++++++++++++++++++++++++++++++
 3 files changed, 160 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2019-01-18 20:15:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29ab1b1ba1aeee34c62313856e775596bf885d4d

commit 29ab1b1ba1aeee34c62313856e775596bf885d4d
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-01-18 20:15:03 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-01-18 20:15:03 +0000

    www-apps/drupal: Security bump to releases 7.63 and 8.6.7.
    
    These releases address SA-CORE-2019-001 and SA-CORE-2019-002.
    Bug: http://bugs.gentoo.org/675690
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest            |  2 +
 www-apps/drupal/drupal-7.63.ebuild  | 74 ++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.6.7.ebuild | 84 +++++++++++++++++++++++++++++++++++++
 3 files changed, 160 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2019-01-18 20:18:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9864eb8f0f5dbbe01e010b455635aa0271be48e3

commit 9864eb8f0f5dbbe01e010b455635aa0271be48e3
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-01-18 20:18:30 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-01-18 20:18:30 +0000

    www-apps/drupal: Drop vulnerable releases.
    
    Bug: http://bugs.gentoo.org/675690
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest            |  6 ---
 www-apps/drupal/drupal-7.60.ebuild  | 74 -------------------------------
 www-apps/drupal/drupal-7.61.ebuild  | 74 -------------------------------
 www-apps/drupal/drupal-8.6.2.ebuild | 86 -------------------------------------
 www-apps/drupal/drupal-8.6.3.ebuild | 86 -------------------------------------
 www-apps/drupal/drupal-8.6.4.ebuild | 84 ------------------------------------
 www-apps/drupal/drupal-8.6.5.ebuild | 84 ------------------------------------
 7 files changed, 494 deletions(-)