Update to Drupal 9.2.11.
Update to Drupal 7.87.
drupal-8 and drupal 9 < 9.2 do not receive security update

Reproducible: Always

Thank you for reporting!

"Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may affect Drupal 9 and 7:

CVE-2021-41184: XSS in the `of` option of the `.position()` util

It is possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release applies the fix for the above cross-site description issue, without making any of the other changes to the jQuery version that is included in Drupal."

Maintainers, please bump.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f32fd46a00b538c6b808c388d88833d103d62f0

commit 4f32fd46a00b538c6b808c388d88833d103d62f0
Author:     Alfredo Tupone <tupone@gentoo.org>
AuthorDate: 2022-02-10 06:41:10 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2022-02-10 06:41:10 +0000

    www-apps/drupal: 7.87 bump

    Bug: https://bugs.gentoo.org/831818
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 www-apps/drupal/Manifest           |  1 +
 www-apps/drupal/drupal-7.87.ebuild | 58 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)