Date: Sun, 25 Feb 2018 19:39:06 +0000 (UTC)
From: Jochen Neumeister <joneum@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r462974 - head/security/vuxml
Message-ID: <201802251939.w1PJd6Us090843@repo.freebsd.org>
Author: joneum Date: Sun Feb 25 19:39:06 2018 New Revision: 462974 URL: https://svnweb.freebsd.org/changeset/ports/462974 Log: Document multiple vulnerabilities in www/drupal7 and www/drupal8 Security: CVE-2017-6927 Security: CVE-2017-6928 Security: CVE-2017-6929 Security: CVE-2017-6930 Security: CVE-2017-6931 Security: CVE-2017-6932 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Feb 25 19:33:57 2018 (r462973) +++ head/security/vuxml/vuln.xml Sun Feb 25 19:39:06 2018 (r462974) 
@@ -58,6 +58,47 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="57580fcc-1a61-11e8-97e0-00e04c1ea73d"> + <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic> + <affects> + <package> + <name>drupal7</name> + <range><lt>7.56</lt></range> + </package> + <package> + <name>drupal8</name> + <range><lt>8.4.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Security Team reports:</p> + <blockquote cite="https://www.drupal.org/SA-CORE-2018-001"> + <p>CVE-2017-6926: Comment reply form allows access to restricted content</p> + <p>CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete</p> + <p>CVE-2017-6928: Private file access bypass - Moderately Critical</p> + <p>CVE-2017-6929: jQuery vulnerability with untrusted domains - Moderately Critical</p> + <p>CVE-2017-6930: Language fallback can be incorrect on multilingual sites with node access restrictions</p> + <p>CVE-2017-6931: Settings Tray access bypass</p> + <p>CVE-2017-6932: External link injection on 404 pages when linking to the current page</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-6926</cvename> + <cvename>CVE-2017-6927</cvename> + <cvename>CVE-2017-6928</cvename> + <cvename>CVE-2017-6929</cvename> + <cvename>CVE-2017-6930</cvename> + <cvename>CVE-2017-6931</cvename> + <cvename>CVE-2017-6932</cvename> + </references> + <dates> + <discovery>2018-02-21</discovery> + <entry>2018-02-25</entry> + </dates> + </vuln> + <vuln vid="d9fe59ea-1940-11e8-9eb8-5404a68ad561"> <topic>cvs -- Remote code execution via ssh command injection</topic> <affects>
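Review bot: The `<range>` bounds in the new entry are `<lt>7.56</lt>` for drupal7 and `<lt>8.4.4</lt>` for drupal8, which treats 7.56 and 8.4.4 themselves as not affected. Please confirm against SA-CORE-2018-001 that these are the first fixed releases and not the last vulnerable ones, and raise the bounds if the fixes shipped in later versions, since otherwise users on 7.56 or 8.4.4 get no audit warning. Separately, the log message lists CVE-2017-6927 through CVE-2017-6932 while the entry also references CVE-2017-6926, and `<references>` could carry a `<url>` element for the advisory already cited in the blockquote.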