it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
[IT-SecNots] [Security-news] Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028
Chronologisch Thread
- From: security-news AT drupal.org
- To: security-news AT drupal.org
- Subject: [IT-SecNots] [Security-news] Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028
- Date: Wed, 1 Mar 2017 18:08:46 +0000 (UTC)
- List-archive: <http://lists.drupal.org/pipermail/security-news/>
- List-id: <security-news.drupal.org>
View online: https://www.drupal.org/node/2857073
* Advisory ID: DRUPAL-SA-CONTRIB-2017-028
* Project: breakpoint panels [1] (third-party module)
* Version: 7.x
* Date: 2017-March-01
-------- DESCRIPTION
---------------------------------------------------------
Breakpoint panels adds a button to the Panels In-Place Editor for each pane.
When selected, it will display checkboxes next to all of the breakpoints
specified in that modules UI. Unchecking any of these will 'hide' it from
that breakpoint.
The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466
-------- CVE IDENTIFIER(S) ISSUED
--------------------------------------------
* /A CVE identifier [2] will be requested, and added upon issuance, in
accordance with Drupal Security Team processes./
-------- VERSIONS AFFECTED
---------------------------------------------------
* All versions
Drupal core is not affected. If you do not use the contributed breakpoint
panels [3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
If you use the breakpoint panels module for Drupal 7.x you should uninstall
it.
Also see the breakpoint panels [4] project page.
-------- REPORTED BY
---------------------------------------------------------
* Dylan Tack [5]
-------- FIXED BY
------------------------------------------------------------
Not applicable
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [6].
Learn more about the Drupal Security team and their policies [7], writing
secure code for Drupal [8], and securing your site [9].
Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [10]
[1] https://www.drupal.org/project/breakpoint_panels
[2] http://cve.mitre.org/
[3] https://www.drupal.org/project/breakpoint_panels
[4] https://www.drupal.org/project/breakpoint_panels
[5] https://www.drupal.org/user/96647
[6] https://www.drupal.org/contact
[7] https://www.drupal.org/security-team
[8] https://www.drupal.org/writing-secure-code
[9] https://www.drupal.org/security/secure-configuration
[10] https://twitter.com/drupalsecurity
_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
- [IT-SecNots] [Security-news] Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028, security-news, 01.03.2017
Archiv bereitgestellt durch MHonArc 2.6.19.