update to Drupal 9.2.11. update to Drupal 7.87. drupal-8 and drupal 9 < 9.2 do not receive security update Reproducible: Always
Thank you for reporting! "Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may affect Drupal 9 and 7: CVE-2021-41184: XSS in the `of` option of the `.position()` util It is possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release applies the fix for the above cross-site description issue, without making any of the other changes to the jQuery version that is included in Drupal." Maintainers, please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f32fd46a00b538c6b808c388d88833d103d62f0 commit 4f32fd46a00b538c6b808c388d88833d103d62f0 Author: Alfredo Tupone <tupone@gentoo.org> AuthorDate: 2022-02-10 06:41:10 +0000 Commit: Alfredo Tupone <tupone@gentoo.org> CommitDate: 2022-02-10 06:41:10 +0000 www-apps/drupal: 7.87 bump Bug: https://bugs.gentoo.org/831818 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Alfredo Tupone <tupone@gentoo.org> www-apps/drupal/Manifest | 1 + www-apps/drupal/drupal-7.87.ebuild | 58 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+)
Thanks! Please cleanup drupal-8 and drupal-9.1
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48b5eb917955c7dbad99bdba04f4d988d66e1813 commit 48b5eb917955c7dbad99bdba04f4d988d66e1813 Author: Viorel Munteanu <ceamac@gentoo.org> AuthorDate: 2023-03-11 07:16:35 +0000 Commit: Viorel Munteanu <ceamac@gentoo.org> CommitDate: 2023-03-11 11:03:41 +0000 www-apps/drupal: drop 9.1.15 drupal 9.1 reached end of life and no longer receives security updates. Bug: https://bugs.gentoo.org/831818 Bug: https://bugs.gentoo.org/835524 Bug: https://bugs.gentoo.org/873361 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org> www-apps/drupal/Manifest | 1 - www-apps/drupal/drupal-9.1.15.ebuild | 68 ------------------------------------ 2 files changed, 69 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=498c2ae529bd3b26c342a9517cbdd08e6cc776f6 commit 498c2ae529bd3b26c342a9517cbdd08e6cc776f6 Author: Viorel Munteanu <ceamac@gentoo.org> AuthorDate: 2023-03-11 06:28:50 +0000 Commit: Viorel Munteanu <ceamac@gentoo.org> CommitDate: 2023-03-11 11:03:40 +0000 www-apps/drupal: drop 8.9.20 drupal 8 reached end of life. It no longer receives security updates. Bug: https://bugs.gentoo.org/831818 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org> www-apps/drupal/Manifest | 1 - www-apps/drupal/drupal-8.9.20.ebuild | 68 ------------------------------------ 2 files changed, 69 deletions(-)
Thanks Viorel!