Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 784854 (SA-CORE-2021-002) - <www-apps/drupal-{7.80,8.9.14,9.0.12,9.1.7}: insufficient xss filtering (SA-CORE-2021-002)
Summary: <www-apps/drupal-{7.80,8.9.14,9.0.12,9.1.7}: insufficient xss filtering (SA-C...
Status: RESOLVED FIXED
Alias: SA-CORE-2021-002
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.drupal.org/sa-core-2021-002
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-21 18:44 UTC by Tupone Alfredo
Modified: 2021-05-30 16:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tupone Alfredo gentoo-dev 2021-04-21 18:44:47 UTC 
drupal-7.78 is subject to this SA
Please update to 7.80

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-21 19:00:37 UTC 
Thanks:

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-05 16:42:47 UTC 
ping
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-13 13:43:52 UTC 
Ping web-apps@.
Comment 4 Tupone Alfredo gentoo-dev 2021-05-13 14:14:26 UTC 
I have just rename the ebuild and it works here
Comment 5 Larry the Git Cow gentoo-dev 2021-05-29 15:13:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb1a143ae3ac9d97e34f2832fbfe1b944eff535e

commit bb1a143ae3ac9d97e34f2832fbfe1b944eff535e
Author:     Alfredo Tupone <tupone@gentoo.org>
AuthorDate: 2021-05-29 15:12:17 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2021-05-29 15:12:45 +0000

    www-apps/drupal: bump versions
    
    Bug: https://bugs.gentoo.org/784854
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 www-apps/drupal/Manifest                                       | 8 ++++----
 www-apps/drupal/{drupal-7.78.ebuild => drupal-7.80.ebuild}     | 0
 www-apps/drupal/{drupal-8.9.13.ebuild => drupal-8.9.14.ebuild} | 0
 www-apps/drupal/{drupal-9.0.11.ebuild => drupal-9.0.12.ebuild} | 0
 www-apps/drupal/{drupal-9.1.3.ebuild => drupal-9.1.7.ebuild}   | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-30 16:12:32 UTC 
Thanks! All done.