803293 – www-apps/drupal: vulnerability in bundled Archive_Tar

Bug 803293 - www-apps/drupal: vulnerability in bundled Archive_Tar

Summary: www-apps/drupal: vulnerability in bundled Archive_Tar

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:	CVE-2021-32610
	Show dependency tree

Reported:	2021-07-21 22:09 UTC by John Helmert III
Modified:	2021-08-06 13:58 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-07-21 22:09:00 UTC

Some more details at blocker, but fixes are:

If you are using Drupal 9.2, update to Drupal 9.2.2.
If you are using Drupal 9.1, update to Drupal 9.1.11.
If you are using Drupal 8.9, update to Drupal 8.9.17.
If you are using Drupal 7, update to Drupal 7.82.

Please bump.

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:20:40 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:28:45 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:36:43 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:44:45 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:52:49 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:56:44 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:00:44 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:09:02 UTC

Package list is empty or all packages have requested keywords.

Comment 9 Larry the Git Cow gentoo-dev

2021-08-04 17:31:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=58a53ffd58ac96f8b29c2027b00d8c3186cbbda4

commit 58a53ffd58ac96f8b29c2027b00d8c3186cbbda4
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2021-08-04 17:30:47 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2021-08-04 17:30:47 +0000

    www-apps/drupal: Security bump - SA-CORE-2021-004.
    
    Add 7.82, 8.9.17, 9.1.11 and 9.2.3 releases.
    Bug: https://bugs.gentoo.org/803293
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  4 +++
 www-apps/drupal/drupal-7.82.ebuild   | 58 ++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.9.17.ebuild | 68 ++++++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-9.1.11.ebuild | 68 ++++++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-9.2.3.ebuild  | 68 ++++++++++++++++++++++++++++++++++++
 5 files changed, 266 insertions(+)

Comment 10 Larry the Git Cow gentoo-dev

2021-08-04 17:44:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74c9a6b263f40405458f77e2423cf0c57412d201

commit 74c9a6b263f40405458f77e2423cf0c57412d201
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2021-08-04 17:41:21 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2021-08-04 17:41:56 +0000

    www-apps/drupal: Security bump.
    
    Fix SA-CORE-2021-004.
    Add 7.82, 8.9.17, 9.1.11 and 9.2.3 releases.
    Drop old / vulnerable releases.
    Bug: https://bugs.gentoo.org/803293
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest                                       | 8 ++++----
 www-apps/drupal/{drupal-7.80.ebuild => drupal-7.82.ebuild}     | 0
 www-apps/drupal/{drupal-8.9.14.ebuild => drupal-8.9.17.ebuild} | 0
 www-apps/drupal/{drupal-9.0.12.ebuild => drupal-9.1.11.ebuild} | 0
 www-apps/drupal/{drupal-9.1.7.ebuild => drupal-9.2.3.ebuild}   | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

Comment 11 John Helmert III archtester

2021-08-06 13:58:21 UTC

No GLSA, all done!