Bug 724498 (SA-CORE-2020-2, SA-CORE-2020-3) - <www-apps/drupal-{7.70, 8.7.14, 8.8.6}: Multiple vulnerabilities
Summary: <www-apps/drupal-{7.70, 8.7.14, 8.8.6}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: SA-CORE-2020-2, SA-CORE-2020-3
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.drupal.org/project/drupal...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-21 19:59 UTC by Tupone Alfredo
Modified: 2020-05-22 01:17 UTC

See Also:
Package list:
Runtime testing required: ---
Description Tupone Alfredo gentoo-dev 2020-05-21 19:59:00 UTC
www-apps/drupal-7.69 has security vulnerabilities
www-apps/drupal-8.7.13 and www-apps/drupal-8.8.5 are affected

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 20:32:47 UTC
Thanks for letting us know about this.

* SA-CORE-2020-2

Description:
"The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are

    [...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub."

URL: https://www.drupal.org/sa-core-2020-002


* SA-CORE-2020-3

Description:
"Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function."

URL: https://www.drupal.org/sa-core-2020-003
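The SA-CORE-2020-003 text above describes the generic open-redirect pattern: a `destination` query parameter is handed to a redirect without checking that it stays on the site. The following is an added example, not Drupal's code and not a description of Drupal's actual fix, of the kind of allow-list check a practitioner would put in front of such a redirect. The function names and the sample destinations are illustrative; it rejects absolute URLs, scheme-only tricks such as `javascript:`, protocol-relative `//host` (including the `///host` and backslash variants browsers normalise), and values containing control characters that browsers strip before parsing.

```python
"""Reject ?destination= values that could send a user off-site.

Added example for the open-redirect class described in SA-CORE-2020-003.
This is not Drupal's code and does not reproduce its fix; names and sample
inputs are illustrative.
"""
from urllib.parse import urlsplit

DEFAULT_DESTINATION = "/"


def is_local_destination(dest: str) -> bool:
    """Return True only if ``dest`` can be interpreted solely as a path on
    this site (e.g. ``node/1`` or ``/user/login?x=1``).

    Anything a browser might resolve to another origin is refused:
    - control characters / surrounding whitespace (browsers strip them, so
      ``"\\t//evil"`` would become ``//evil``);
    - two or more leading slashes (``//host``, ``///host``);
    - any backslash (``/\\host`` is treated as ``//host`` by browsers);
    - a scheme (``https:``, ``javascript:``, ``data:``) or a netloc.
    A first path segment containing ``:`` (``node:1``) is also refused, a
    deliberately conservative false positive rather than a guess.
    """
    if not dest or not dest.isprintable() or dest != dest.strip():
        return False
    if dest.startswith("//") or "\\" in dest:
        return False
    try:
        parts = urlsplit(dest)
    except ValueError:  # malformed, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme or parts.netloc:
        return False
    return True


def safe_destination(dest, default: str = DEFAULT_DESTINATION) -> str:
    """Return ``dest`` if it is a local path, otherwise ``default``."""
    if isinstance(dest, str) and is_local_destination(dest):
        return dest
    return default


if __name__ == "__main__":
    # Constructed sample values, not taken from any real request log.
    samples = [
        "node/1",
        "/user/login?x=1",
        "https://evil.example/",
        "//evil.example",
        "///evil.example",
        "/\\evil.example",
        "javascript:alert(1)",
        "\t//evil.example",
    ]
    for value in samples:
        print(f"{value!r:28} -> {safe_destination(value)!r}")
```

Call `safe_destination()` on the raw parameter immediately before emitting the `Location` header; the default should be a fixed in-site path so that a rejected value never becomes an error page the attacker can influence.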
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 20:33:32 UTC
@maintainer(s), please bump to 7.70, 8.7.14, and 8.8.6.
Comment 3 Larry the Git Cow gentoo-dev 2020-05-22 00:57:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3609c25e2e5c6aa5f3647d0b394d5b4b4b76ddb1

commit 3609c25e2e5c6aa5f3647d0b394d5b4b4b76ddb1
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-05-22 00:57:15 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-05-22 00:57:15 +0000

    www-apps/drupal: Security bumps (8.8.6, 8.7.14 and 7.70).
    
    8.8.6 and 8.7.14 releases include SA-CORE-2020-002.
    7.70 release includes SA-CORE-2020-002 and SA-CORE-2020-003.
    Bug: https://bugs.gentoo.org/724498
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  3 ++
 www-apps/drupal/drupal-7.70.ebuild   | 58 ++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.7.14.ebuild | 68 ++++++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.8.6.ebuild  | 68 ++++++++++++++++++++++++++++++++++++
 4 files changed, 197 insertions(+)
Comment 4 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2020-05-22 00:58:22 UTC
I had started working on this, but it took a bit longer than expected to push to the tree [1].

 [1] - https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=d5126d536ae1b22673e0aee27a28dc45226d631f
Comment 5 Larry the Git Cow gentoo-dev 2020-05-22 01:00:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5f67f0520c54f46cff1452953aab2d711cc680c

commit c5f67f0520c54f46cff1452953aab2d711cc680c
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-05-22 00:59:56 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-05-22 00:59:56 +0000

    www-apps/drupal: Drop old and vulnerable releases.
    
    Bug: https://bugs.gentoo.org/724498
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  5 ---
 www-apps/drupal/drupal-7.69.ebuild   | 58 ------------------------------
 www-apps/drupal/drupal-8.7.12.ebuild | 68 ------------------------------------
 www-apps/drupal/drupal-8.7.13.ebuild | 68 ------------------------------------
 www-apps/drupal/drupal-8.8.4.ebuild  | 68 ------------------------------------
 www-apps/drupal/drupal-8.8.5.ebuild  | 68 ------------------------------------
 6 files changed, 335 deletions(-)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-22 01:17:45 UTC
Closing because tree clean, no stable ebuilds. Thank you! :)