681172 – (CVE-2019-6341) <www-apps/drupal-{7.65,8.5.14,8.6.13}: Cross site scripting vulnerability (CVE-2019-6341)

Bug 681172 (CVE-2019-6341) - <www-apps/drupal-{7.65,8.5.14,8.6.13}: Cross site scripting vulnerability (CVE-2019-6341)

Summary: <www-apps/drupal-{7.65,8.5.14,8.6.13}: Cross site scripting vulnerability (CV...

Status:	RESOLVED FIXED

Alias:	CVE-2019-6341

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://www.drupal.org/SA-CORE-2019-004
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2019-03-21 17:12 UTC by Tupone Alfredo
Modified:	2020-04-17 03:28 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tupone Alfredo gentoo-dev

2019-03-21 17:12:24 UTC

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

Reproducible: Always

Comment 1 Larry the Git Cow gentoo-dev

2019-03-22 19:51:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=4cc3f9ae8da1a5d81e19da3fe7c446233262a15b

commit 4cc3f9ae8da1a5d81e19da3fe7c446233262a15b
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-03-22 19:48:12 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-03-22 19:48:12 +0000

    www-apps/drupal: Security bump (SA-CORE-2019-004).
    Bug: http://bugs.gentoo.org/681172
    
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  3 ++
 www-apps/drupal/drupal-7.65.ebuild   | 74 +++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.5.14.ebuild | 84 ++++++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.6.13.ebuild | 84 ++++++++++++++++++++++++++++++++++++
 4 files changed, 245 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2019-03-22 19:59:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=590cf40620a816764d180ce87699490babdf56f1

commit 590cf40620a816764d180ce87699490babdf56f1
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-03-22 19:57:11 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-03-22 19:59:09 +0000

    www-apps/drupal: Security bump (SA-CORE-2019-004).
    
    Bug: http://bugs.gentoo.org/681172
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 www-apps/drupal/Manifest             |  3 ++
 www-apps/drupal/drupal-7.65.ebuild   | 74 +++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.5.14.ebuild | 84 ++++++++++++++++++++++++++++++++++++
 www-apps/drupal/drupal-8.6.13.ebuild | 84 ++++++++++++++++++++++++++++++++++++
 4 files changed, 245 insertions(+)

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2019-03-22 20:03:39 UTC

tree is clean