Your message dated Sat, 24 Jun 2017 14:47:19 +0000 with message-id <e1domlh-000go2...@fasolo.debian.org> and subject line Bug#865498: fixed in drupal7 7.52-2+deb9u1 has caused the Debian Bug report #865498, regarding drupal7: CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: drupal7 Version: 7.52-2 Severity: normal Tags: security patch upstream fixed-upstream Hi, the following vulnerability was published for drupal7. CVE-2017-6922[0]: |Files uploaded by anonymous users into a private file system can be |accessed by other anonymous users If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-6922 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922 Please adjust the affected versions in the BTS as needed. Is jessie as well affected with based version 7.32? Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: drupal7 Source-Version: 7.52-2+deb9u1 We believe that the bug you reported is fixed in the latest version of drupal7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 22 Jun 2017 11:04:29 -0500 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.52-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Gunnar Wolf <gw...@debian.org> Changed-By: Gunnar Wolf <gw...@debian.org> Description: drupal7 - fully-featured content management framework Closes: 865498 Changes: drupal7 (7.52-2+deb9u1) stretch-security; urgency=high . * Backported from 7.56: SA-CORE-2017-003: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users. (CVE-2017-6922) (Closes: #865498) Checksums-Sha1: 17e9a81379a3c147f0755d64b0148515be99fb19 1904 drupal7_7.52-2+deb9u1.dsc fceb7a2891e870eae1a027d7f06028aa24dc58b2 3289714 drupal7_7.52.orig.tar.gz 210c2fbd81a7bdf760ac952e745ac354b91abf74 190024 drupal7_7.52-2+deb9u1.debian.tar.xz 147da0dcfeadccd822810b092d874587acfd31fb 2520630 drupal7_7.52-2+deb9u1_all.deb 72b3706fb7acb046b154b3be09a24ac6e192600c 8437 drupal7_7.52-2+deb9u1_amd64.buildinfo Checksums-Sha256: f2de423c55d5962c02418ee4045c4914904ddd03565373399f4b37bf8d435499 1904 drupal7_7.52-2+deb9u1.dsc ea09ec7c3555856591b7ac739dafbe7dbfba47d1ffe2a9a1f17fda490a91b8e8 3289714 drupal7_7.52.orig.tar.gz fa84a5d85193b5f0df911ac085502ba5e4ca911407438dd65979b9270742c17e 190024 drupal7_7.52-2+deb9u1.debian.tar.xz eb868eb50b0f9b731807e15131f99f092b8b3c30d8525a76fc8c55e4856274eb 2520630 drupal7_7.52-2+deb9u1_all.deb 47edf3422f8cb61f50c35bbe969eb1b6c852e420378fb7f4eeb640e6e3f3bbe8 8437 drupal7_7.52-2+deb9u1_amd64.buildinfo Files: cac5e6a5e21ad446b5b8558a5eed5356 1904 web extra drupal7_7.52-2+deb9u1.dsc 4963e68ca12918d3a3eae56054214191 3289714 web extra drupal7_7.52.orig.tar.gz c78326fda2eb194bbc2c66468124e1f8 190024 web extra drupal7_7.52-2+deb9u1.debian.tar.xz f9ec98b99d04a0f500a96ac45c94a0ba 2520630 web extra drupal7_7.52-2+deb9u1_all.deb 90f53414baf2a2dc174524a8902d71c8 8437 web extra drupal7_7.52-2+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEq0HBxor9ZoygRev4ZzoD5MHbkh8FAllL7i0ACgkQZzoD5MHb kh8/LRAAoK0F/u0vVbhVMM8f/UJ2qrKURkt5nQkvEaMe/X48Zz8f3UkJrkMc/MV6 ho9fNkG+Yq0+y9UR9CrCh5La/XbsnIvM6plREPkTziv8mGkyYUbtw2nJ2rjsGFGC U5zDDYlUvf4xx/zHY+V9bJauBW46sPy9I4pluKKGHd6brGgD71gDYy8VCfqDImgL WhMTsjA9siGyU3YY18ZTkpeJyAcS4ahELiw9qLA7Y+7+Rtg/Yti2X+998QztJGjg ZILKIJbRUhg+AIOVPpoZI2Lejd907wxJT5ojn3CUyyjFsEX9g3hxvoESwLKsXBFy TNClbKm2XSUkAV3ZHfl7FLtp30S5rF5DE3JDjhco931yWyi7F1i2YodjMoM4rT6f KJh/eUW4FN4T9CcYnZFq66XSooRh4MRrL/1c90FllawpB3YlYRN9NNe+IYGqeaWP cdd9qHjsv0OkwqgoYQdQccSKHU08RRxKaJNixi/FZ4Wec/yWQKu/4lLeMZjoRgQ0 pSRUopd9e7iqobFN6ed9Z5rqg+rfYs7x3eLW/qwqJO+ah77HzE+yRe0+8IfCjrqh kPlkJ0CreXHmgD/YkCSNcg76FknDjbGKrMU+AmHwRO9ZxnZFDZjgy6z2uLMR/988 hT+T9HVgb0LqkZvlz4I2tJm4wfgeX/UATlid2PP0fPW2pAJbnRM= =5AEp -----END PGP SIGNATURE-----
--- End Message ---
