Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian 8: DLA-1797-1 Moderate: Drupal7 Cross Site Scripting Risk

debian lts
Calendar Grey May 20, 2019
Dist Debian Esm H88
Package : drupal7 Version : 7.32-1+deb8u17 CVE ID : CVE-2019-11358 CVE-2019-11831 Debian Bug : 92733
Several security vulnerabilities have been discovered in drupal7, a PHP web site platform

Summary

It was discovered that the jQuery version embedded in Drupal was
prone to a cross site scripting vulnerability in jQuery.extend().

For additional information, please refer to the upstream advisory
at https://www.drupal.org/sa-core-2019-006

CVE-2019-11831

It was discovered that incomplete validation in a Phar processing
library embedded in Drupal, a fully-featured content management
framework, could result in information disclosure.

For additional information, please refer to the upstream advisory
at https://www.drupal.org/sa-core-2019-007

For Debian 8 "Jessie", these problems have been fixed in version
7.32-1+deb8u17.

We recommend that you upgrade your drupal7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- --
Jonas Meurer




Package: drupal7
Version: 7.32-1+deb8u17
CVE ID: CVE-2019-11358 CVE-2019-11831
Debian Bug: 927330 928688

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.