Your message dated Sat, 24 Jun 2017 21:17:43 +0000
with message-id <e1dosr5-000j3i...@fasolo.debian.org>
and subject line Bug#865498: fixed in drupal7 7.32-1+deb8u9
has caused the Debian Bug report #865498,
regarding drupal7: CVE-2017-6922: Files uploaded by anonymous users into a
private file system can be accessed by other anonymous users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
865498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: drupal7
Version: 7.52-2
Severity: normal
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for drupal7.
CVE-2017-6922[0]:
|Files uploaded by anonymous users into a private file system can be
|accessed by other anonymous users
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
Please adjust the affected versions in the BTS as needed. Is jessie
affected as well, with its base version 7.32?
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: drupal7
Source-Version: 7.32-1+deb8u9
We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gunnar Wolf <gw...@debian.org> (supplier of updated drupal7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 22 Jun 2017 11:31:48 -0500
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.32-1+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Gunnar Wolf <gw...@debian.org>
Description:
drupal7 - fully-featured content management framework
Closes: 865498
Changes:
drupal7 (7.32-1+deb8u9) jessie-security; urgency=high
.
* Backported from 7.41: SA-CORE-2015-004: Open redirect
(CVE-2015-7943)
* Backported from 7.56: SA-CORE-2017-003: Files uploaded by anonymous
users into a private file system can be accessed by other anonymous
users. (CVE-2017-6922) (Closes: #865498)
* Updated patches noting the CVE IDs they address (many were sent out
before a CVE was assigned)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---