Your message dated Thu, 22 Jun 2017 18:04:12 +0000 with message-id <e1do6si-0001fm...@fasolo.debian.org> and subject line Bug#865498: fixed in drupal7 7.56-1 has caused the Debian Bug report #865498, regarding drupal7: CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: drupal7 Version: 7.52-2 Severity: normal Tags: security patch upstream fixed-upstream Hi, the following vulnerability was published for drupal7. CVE-2017-6922[0]: |Files uploaded by anonymous users into a private file system can be |accessed by other anonymous users If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-6922 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922 Please adjust the affected versions in the BTS as needed. Is jessie as well affected with based version 7.32? Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: drupal7 Source-Version: 7.56-1 We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 22 Jun 2017 11:59:07 -0500 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.56-1 Distribution: unstable Urgency: high Maintainer: Gunnar Wolf <gw...@debian.org> Changed-By: Gunnar Wolf <gw...@debian.org> Description: drupal7 - fully-featured content management framework Closes: 865498 Changes: drupal7 (7.56-1) unstable; urgency=high . * New upstream release * Fixes security vulnerability: SA-CORE-2017-003: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users. (CVE-2017-6922) (Closes: #865498) Checksums-Sha1: 6b7fcff6623fb0d4919aebf3c31aadd928ba454e 1876 drupal7_7.56-1.dsc 4647ccc356a8557659a3a3891dbae1dce8467396 3277833 drupal7_7.56.orig.tar.gz 0a8ae16a98035fcd0a26e71f5efe8fb3dba5a642 188452 drupal7_7.56-1.debian.tar.xz 66429200b06589f01bd8843bf54285931855a42f 2525036 drupal7_7.56-1_all.deb ae5e09783fff5ee8e0da54f01ccdc6635f13a8c9 8388 drupal7_7.56-1_amd64.buildinfo Checksums-Sha256: a6b6c99c8dbfdd5cede73a0dc4a5091baff5dd08acd958ca90e508b6a249d464 1876 drupal7_7.56-1.dsc 02fb4b46060d53c2f876d2381a8741249819e3a02ea1d7291036f6ea280d7b69 3277833 drupal7_7.56.orig.tar.gz 3a5b50bfb5b2db506e69b75a49d94a1c29b7ad982e9dbbda1025bb7cd6e1dc69 188452 drupal7_7.56-1.debian.tar.xz 19b69047ade1a158e98e4402869f2491dcca072f3d6caa5019602dc0581d9754 2525036 drupal7_7.56-1_all.deb 57ebf339fabb81c474072e95ae9e02122952aaf5810ecdbe2c665593d4e5c708 8388 drupal7_7.56-1_amd64.buildinfo Files: 9c3d02493e698446b832181936834efe 1876 web extra drupal7_7.56-1.dsc 5d198f40f0f1cbf9cdf1bf3de842e534 3277833 web extra drupal7_7.56.orig.tar.gz f849f3f68821196b632639422ef68683 188452 web extra drupal7_7.56-1.debian.tar.xz 6db03e633fcdd6cf0e894bf57a2bffe3 2525036 web extra drupal7_7.56-1_all.deb ad552036806e395a43fa82b4a7327adf 8388 web extra drupal7_7.56-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEq0HBxor9ZoygRev4ZzoD5MHbkh8FAllL/8AACgkQZzoD5MHb kh/31w/2OH8qkPx1mqPwHsE7Stn2/dFuUDB0st/J1QY9nxpGGg2McWpWW64LxlzN U9MAHbpC2qA/nzyCgXTE6BzowJHe0f6OS5BRSze2AsKDP5p4EUC08XjTiXarXAvf RmSUZecNH2ggutsvYVKnxDLXB/C76oUg2a0QA7UYNij5AgKv6nf+1JGRMoZPKYjD CXoz/HxElTs+2O73lCqB/PpP69xyz+MbYmmd54GFUMshDQRQXX7eXkM7NIsyoKv6 pP4MVEDo5SGBOysX7IaZxHELm2H+KFR3CGDIA7zvgT0BcsnnGXMt0QwjRS1iKFuo SJgwt5T/pvPtQiFzMGRDJ7I3Ufevwf68oQINX5mUXYpVpp9OBw3iI7Glfmh/LmI9 AFUp+FdP4wGOZllxuR0vy5kgZBbxl4uZGUAt91/Q71w16U1bIdAlZbazEUH0SAp1 jgZ6LhzfFePIKT1GNjKWrn6+JjBtDxnh2nfGpxKJkwursgj+U4g9nqrS5QDB/WNA SYsjTghDCU++EMeCNmOfW858atPmeZBAVLkW3w6Qz1W2muq9PHItziOBIr0ac7cb VzS5k/bLQP7Binw23Fr+OgvpqMxtdwhKQ+TSg1Er8zXiF90rq+Ib1KWP1Cg/qdCy z+/YNoXO3Rvl4sU6qMEfJEE/81OnukJdHrdvLCq2ThJNa6Db3Q== =1xtp -----END PGP SIGNATURE-----
--- End Message ---
