it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4706-1] drupal7 security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4706-1] drupal7 security update
Date: Thu, 18 Jun 2020 20:24:30 +0000
List-archive: https://lists.debian.org/msgid-search/20200618202430.GA19271 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=NMm6EEy0zH9ZbA5t9qkC63bKU3lkxaX/tZowFaVioKU=; b=VK M6BpU/LvzhSz2/fYNJo60VxO+0tJlgaLxMJFQ6KD4Bsbb4nWufX/Pf9bYfb/LEfXXKrr+4oL+EuzW tfuOKpa0SbxTX2smgC4RKuxrJAptGhVlvuTO4zz3Acoxubinda6DCuJaENqkmEt/G+0gnKWiZJ5NS YF/fjzqZy5NkVjnSIMhzkWJSXCok7PFmtCbj4Aq1ALtBwj6uaEg6L3ZaGtRTplO3M39Xv2joApi88 NEKwguuRS+EYagEsqoOEYYEjEtLfFDzFVfUt3HbowpIGNrPlld1tgFuAuMr4kSDs+9ELIhyIqGwSX G9UJEAZy5VP9bS/zB7ng1SpH7uCIpUpQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 18 Jun 2020 20:24:45 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <HpBA2bmM5v.A.-p.N286eB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4706-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2020-13663

It was discovered that Drupal, a fully-featured content management
framework, was suspectible to cross site request forgery.

For additional information, please refer to the upstream advisory at
https://www.drupal.org/sa-core-2020-004

For the oldstable distribution (stretch), this problem has been fixed
in version 7.52-2+deb9u11.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7rzVUACgkQEMKTtsN8
TjaXqxAAmamAJvolHFUDrfp2f25ByMFBc0yR22Ycp2EuRwwdgzxnDqFTi1OaaOx1
BUWVX31Is12Oi1wcOtHjfR0vINlM28QGr50k4mdWA+dw7ibNDybfex0wZ2tSYUgL
/YEjM5G4WdlERxd8muX2s/FGvPUR+jCv9hbV07nENf8icygNo3y41OqFnQLUNF/u
ruhULa8p2xWewfaS1d8u0LAxiPvj/gUJPdlPHQ3p2lEfX3dh1EjWIXxRvx+/aVHQ
j4D/dYhEjIwWoTjt5xO86VWh/hKzjQVUoCv7pBBgLQLijr6zZx95sWfkJ/tbIyGo
ZjFu+zyJGvSQzlZkj0QIxoMSrc6suORihYRzpdC6bfT/ec7+lrmhHPEG7HYZQJhH
j83L2ClJVkGGS4qq/Wv4x5PLwNCrPH4PkjzFzpX8wPZcTMgvKUmWUpTqmjPyFSNT
nam1Gzea3rTPmdaNKQ5VksTizh20rZIWB8c3FMh9aIx0FXBIXhmX6vm2PNbZLAhV
LKKc+V7gwA/ZuCVtGcJMSUHU3RL67jWfouFKGonTPAeE5sFWQp4q+cnO/K+oZxe8
33xmQ82lzzb7Fw3A4GSGejZz1eXN0MTp3xkwqzCXCoqumEMavwAeeT7xAHSTc9t1
ip/9lPmB8/T/gUys3Jif6NLuINkd2Yz4+4wS2Q5cC7I+IzAURnU=
=Pmwi
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4706-1] drupal7 security update, Moritz Muehlenhoff, 18.06.2020

Archiv bereitgestellt durch MHonArc 2.6.19.