| Summary: | www-apps/drupal: Insecure Deserialization by-pass in Phar Stream Wrapper (CVE-2019-11831) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.drupal.org/SA-CORE-2019-007 | ||
| Whiteboard: | ~2 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
security release fixes third-party dependencies included in latest version(s): If you are using Drupal 8.7, update to Drupal 8.7.1 If you are using Drupal 8.6 or earlier, update to Drupal 8.6.16. If you are using Drupal 7, update to Drupal 7.67. Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage. Gentoo Security Padawan (domhnall)