Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 628210 (CVE-2017-6923, CVE-2017-6924, CVE-2017-6925)

Summary: <www-apps/drupal-8.3.7: Access Bypass (CVE-2017-692{3,4,5})
Product: Gentoo Security Reporter: MickKi <confabulate>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~2 [noglsa cve]
Package list:
Runtime testing required: ---

Description MickKi 2017-08-18 18:17:18 UTC
Drupal-8 versions prior to 8.3.7 should be updated to mitigate critical security vulnerabilities described in

Reproducible: Always

Security vulnerabilities dealt with under version 8.3.7:

1. Views - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6923
2. REST API can bypass comment approval - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6924
3. Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - Drupal 8 - CVE-2017-6925
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-01 01:04:13 UTC
(In reply to MickKi from comment #0)

Thank you for the report.

@Maintainers, could you please bump to 8.3.7 and let us know when tree is clean of vulnerable versions?


Gentoo Security Padawan
Comment 2 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2017-09-01 19:21:34 UTC

www-apps/drupal: Security version bump CVE-2017-692{3,4,5} - fixes bug 628210.

Vulnerable versions removed from the tree.