Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Book access - Critical - Unsupported - SA-CONTRIB-2017-35

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Book access - Critical - Unsupported - SA-CONTRIB-2017-35


Chronologisch Thread 
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Book access - Critical - Unsupported - SA-CONTRIB-2017-35
  • Date: Wed, 12 Apr 2017 17:50:30 +0000 (UTC)
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>

View online: https://www.drupal.org/node/2869123

* Advisory ID: DRUPAL-SA-CONTRIB-2017-35
* Project: Book access [1] (third-party module)
* Date: 12-April-2017
-------- DESCRIPTION
---------------------------------------------------------

This module alters the book module permissions model by letting you specify
access/modify/delete rights on a per-book basis. Normally, book-related
permissions provided by drupal core apply across all books, but this module
will let you drill down as granular as to letting specific users have
specific rights for specific books.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466

-------- VERSIONS AFFECTED
---------------------------------------------------

* All versions

Drupal core is not affected. If you do not use the contributed Book access
[2] module, there is nothing you need to do.

-------- SOLUTION
------------------------------------------------------------

If you use the Book access module for Drupal you should uninstall it.

Also see the Book access [3] project page.

-------- REPORTED BY
---------------------------------------------------------

* Ergun Kuru [4]

-------- FIXED BY
------------------------------------------------------------

Not applicable

-------- CONTACT AND MORE INFORMATION
----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [5].

Learn more about the Drupal Security team and their policies [6], writing
secure code for Drupal [7], and securing your site [8].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [9]


[1] https://www.drupal.org/project/book_access
[2] https://www.drupal.org/project/book_access
[3] https://www.drupal.org/project/book_access
[4] https://www.drupal.org/user/379181
[5] https://www.drupal.org/contact
[6] https://www.drupal.org/security-team
[7] https://www.drupal.org/writing-secure-code
[8] https://www.drupal.org/security/secure-configuration
[9] https://twitter.com/drupalsecurity

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news


  • [IT-SecNots] [Security-news] Book access - Critical - Unsupported - SA-CONTRIB-2017-35, security-news, 12.04.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang