Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 685428 (CVE-2019-11831, SA-CORE-2019-007)

Summary: www-apps/drupal: Insecure Deserialization by-pass in Phar Stream Wrapper (CVE-2019-11831)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2019-05-09 04:54:43 UTC
security release fixes third-party dependencies included in
latest version(s):

    If you are using Drupal 8.7, update to Drupal 8.7.1
    If you are using Drupal 8.6 or earlier, update to Drupal 8.6.16.
    If you are using Drupal 7, update to Drupal 7.67.

Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.

Gentoo Security Padawan