Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 683820 (CVE-2019-11358) - <www-apps/drupal-{7.66,8.5.15,8.6.15}: Cross site scripting vulnerability (CVE-2019-11358)
Summary: <www-apps/drupal-{7.66,8.5.15,8.6.15}: Cross site scripting vulnerability (CV...
Status: RESOLVED FIXED
Alias: CVE-2019-11358
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.drupal.org/SA-CORE-2019-006
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-19 06:49 UTC by Tupone Alfredo
Modified: 2020-04-17 03:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tupone Alfredo gentoo-dev 2019-04-19 06:49:46 UTC 
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2019-04-22 02:12:45 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d34e0d9b24de1160f4dc263e8982cf37a4bf2c7a

commit d34e0d9b24de1160f4dc263e8982cf37a4bf2c7a
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-04-22 02:12:04 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-04-22 02:12:27 +0000

    www-apps/drupal:  Security bump - SA-CORE-2019-006.
    
    Bug: https://bugs.gentoo.org/683820
    Package-Manager: Portage-2.3.63, Repoman-2.3.12
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  1 +
 www-apps/drupal/drupal-8.5.15.ebuild | 84 ++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-04-22 02:33:20 UTC 
tree is clean