685428 – (CVE-2019-11831, SA-CORE-2019-007) www-apps/drupal: Insecure Deserialization by-pass in Phar Stream Wrapper (CVE-2019-11831)

Bug 685428 (CVE-2019-11831, SA-CORE-2019-007) - www-apps/drupal: Insecure Deserialization by-pass in Phar Stream Wrapper (CVE-2019-11831)

Summary: www-apps/drupal: Insecure Deserialization by-pass in Phar Stream Wrapper (CVE...

Status:	RESOLVED FIXED

Alias:	CVE-2019-11831, SA-CORE-2019-007

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://www.drupal.org/SA-CORE-2019-007
Whiteboard:	~2 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2019-05-09 04:54 UTC by D'juan McDonald (domhnall)
Modified:	2020-04-17 03:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2019-05-09 04:54:43 UTC

security release fixes third-party dependencies included in
latest version(s):

    If you are using Drupal 8.7, update to Drupal 8.7.1
    If you are using Drupal 8.6 or earlier, update to Drupal 8.6.16.
    If you are using Drupal 7, update to Drupal 7.67.

Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.


Gentoo Security Padawan
(domhnall)