Summary: | <www-apps/drupal-{7.77,8.8.12,8.9.12,9.0.10}: Remote code execution via malicious tarball upload (CVE-2020-{28948,28949}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | trivial | CC: | web-apps |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.drupal.org/sa-core-2020-013 | | |
Whiteboard: | ~1 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 757246 | | |

Description
John Helmert III
2020-11-27 17:12:12 UTC
ping! Ping ping!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=8a9daaf9c614939057ec987e146babc5e6501c50

commit 8a9daaf9c614939057ec987e146babc5e6501c50
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2021-01-11 17:47:16 +0000
Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2021-01-11 17:47:16 +0000

www-apps/drupal: Security bump CVE-2020-{28948,28949}

Update to the latest releases to address the security issue and get up to date releases.
Add 7.77, 8.8.12, 8.9.12, 9.0.01 and 9.1.2 releases.

Bug: https://bugs.gentoo.org/757252
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

www-apps/drupal/Manifest | 5 +++
www-apps/drupal/drupal-7.77.ebuild | 58 ++++++++++++++++++++++++++++++
www-apps/drupal/drupal-8.8.12.ebuild | 68 ++++++++++++++++++++++++++++++++++++
www-apps/drupal/drupal-8.9.12.ebuild | 68 ++++++++++++++++++++++++++++++++++++
www-apps/drupal/drupal-9.0.10.ebuild | 68 ++++++++++++++++++++++++++++++++++++
www-apps/drupal/drupal-9.1.2.ebuild | 68 ++++++++++++++++++++++++++++++++++++
6 files changed, 335 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e392d33c2816799e327eadd14d01b1700b5fadb3

commit e392d33c2816799e327eadd14d01b1700b5fadb3
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2021-01-11 21:04:22 +0000
Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2021-01-11 21:05:52 +0000

www-apps/drupal: Security bump CVE-2020-{28948,28949}

Update to the latest releases to address the security issue and get up to date releases.
Add 7.77, 8.8.12, 8.9.12, 9.0.01 and 9.1.2 releases.
Drop vulnerable releases.

Bug: https://bugs.gentoo.org/757252
Package-Manager: Portage-3.0.11, Repoman-3.0.2
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

www-apps/drupal/Manifest | 9 +--
.../{drupal-7.74.ebuild => drupal-7.77.ebuild} | 2 +-
.../{drupal-8.8.11.ebuild => drupal-8.8.12.ebuild} | 2 +-
.../{drupal-8.9.9.ebuild => drupal-8.9.12.ebuild} | 2 +-
.../{drupal-9.0.8.ebuild => drupal-9.0.10.ebuild} | 2 +-
www-apps/drupal/drupal-9.1.2.ebuild | 68 ++++++++++++++++++++++
6 files changed, 77 insertions(+), 8 deletions(-)

Apologies for the delay, but I'm still recreating my development environment for web applications.

(In reply to Jorge Manuel B. S. Vicetto from comment #6)
> Apologies for the delay, but I'm still recreating my development environment
> for web applications.

Fortunately from here it's quick ;) Tree is clean, noglsa, all done.