Re: CVE-2020-36193 php-pear vs drupal7

2021-03-09 Thread Ola Lundqvist
Hi Gunnar, all See below. On Tue, 9 Mar 2021 at 05:11, Gunnar Wolf wrote: > Hello Ola, Salvatore, Chris et al.! > > Ola Lundqvist dijo [Mon, Mar 08, 2021 at 11:51:35PM +0100]: > > Hi Salvatore, Gunnar, all > > > > When looking further into this issue I do not

Re: CVE-2020-36193 php-pear vs drupal7

2021-03-08 Thread Gunnar Wolf
Hello Ola, Salvatore, Chris et al.! Ola Lundqvist dijo [Mon, Mar 08, 2021 at 11:51:35PM +0100]: > Hi Salvatore, Gunnar, all > > When looking further into this issue I do not think drupal7 is completely > fixed. > The drupal 7 package includes the following fix: > +

Re: CVE-2020-36193 php-pear vs drupal7

2021-03-08 Thread Ola Lundqvist
Hi Salvatore, Gunnar, all When looking further into this issue I do not think drupal7 is completely fixed. The drupal 7 package includes the following fix: +if (strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0) { But it is missing the depth c
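
Review bot: the containment test strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0 is a raw string-prefix comparison, so a link directory whose resolved path merely begins with the same characters as the extraction path (a sibling directory with a longer name, for instance) is accepted as being inside it. Appending a directory separator to realpath($p_path) before comparing, and rejecting the entry outright when either realpath() call returns false for a non-existent path, would make the check strict.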

Re: CVE-2020-36193 php-pear vs drupal7

2021-02-25 Thread Ola Lundqvist
dla-needed. > > > The thing is that this CVE tells that drupal7 is also vulnerable but > > > drupal7 is not in dla-needed.txt. > > > > It may be that drupal7 was not marked as being vulnerable to > > CVE-2020-36193 at the time of triage. After all, the code co

Re: CVE-2020-36193 php-pear vs drupal7

2021-02-25 Thread Emilio Pozuelo Monfort
On 25/02/2021 10:09, Chris Lamb wrote: Morning Ola, Today I looked at CVE-2020-36193 since we have php-pear in dla-needed. The thing is that this CVE tells that drupal7 is also vulnerable but drupal7 is not in dla-needed.txt. It may be that drupal7 was not marked as being vulnerable to CVE

Re: CVE-2020-36193 php-pear vs drupal7

2021-02-25 Thread Salvatore Bonaccorso
Hi, On Thu, Feb 25, 2021 at 09:09:08AM +, Chris Lamb wrote: > Morning Ola, > > > Today I looked at CVE-2020-36193 since we have php-pear in dla-needed. > > The thing is that this CVE tells that drupal7 is also vulnerable but > > drupal7 is not in dla-needed.txt. >

Re: CVE-2020-36193 php-pear vs drupal7

2021-02-25 Thread Chris Lamb
Morning Ola, > Today I looked at CVE-2020-36193 since we have php-pear in dla-needed. > The thing is that this CVE tells that drupal7 is also vulnerable but > drupal7 is not in dla-needed.txt. It may be that drupal7 was not marked as being vulnerable to CVE-2020-36193 at the time

CVE-2020-36193 php-pear vs drupal7

2021-02-25 Thread Ola Lundqvist
Hi Chris Today I looked at CVE-2020-36193 since we have php-pear in dla-needed. The thing is that this CVE tells that drupal7 is also vulnerable but drupal7 is not in dla-needed.txt. Is there any specific reason for this? I guess there is, like drupal7 impact was realized later, or lack of time

Re: drupal7

2020-06-15 Thread Brian May
Brian May writes: > Drupal7, in Jessie has 3 security issues: My proposed changes to drupal7 in Jessie: diff -Nru drupal7-7.32/debian/changelog drupal7-7.32/debian/changelog --- drupal7-7.32/debian/changelog 2019-05-20 20:05:42.0 +1000 +++ drupal7-7.32/debian/changelog 2

drupal7

2020-06-14 Thread Brian May
Drupal7, in Jessie has 3 security issues: CVE-2020-11022 / CVE-2020-11023 / SA-CORE-2020-002 Vulnerabilities in jquery library. The Debian drupal7 package comes with jquery 1.4.4 (debian/missing-sources/jquery-1.4.4.js). 7.27+dfsg-1 the maintainer attempted to use the libjs-jquery package

Re: Jessie update of drupal7?

2019-03-04 Thread Gunnar Wolf
Hi Chris! Chris Lamb dijo [Mon, Mar 04, 2019 at 03:22:35AM -0500]: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Jessie version of drupal7: > https://security-tracker.debian.org/tracker/source-package/drupal7

Jessie update of drupal7?

2019-03-04 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of drupal7: https://security-tracker.debian.org/tracker/source-package/drupal7 Would you like to take care of this yourself? If yes, please follow the workflow we have

Re: upload drupal7

2018-04-26 Thread Abhijith PA
On Thursday 26 April 2018 12:29 PM, Emilio Pozuelo Monfort wrote: > On 26/04/18 04:54, Abhijith PA wrote: >> Hello. >> >> I have prepared LTS security update for drupal7[1] . Debdiff is >> attached. Please review and upload. I tested it on a clean wheezy vm > &g

Re: upload drupal7

2018-04-26 Thread Emilio Pozuelo Monfort
On 26/04/18 04:54, Abhijith PA wrote: > Hello. > > I have prepared LTS security update for drupal7[1] . Debdiff is > attached. Please review and upload. I tested it on a clean wheezy vm Uploaded. Are you available to send a DLA or should I? Cheers, Emilio

upload drupal7

2018-04-25 Thread Abhijith PA
Hello. I have prepared LTS security update for drupal7[1]. Debdiff is attached. Please review and upload. I tested it on a clean wheezy vm [1] https://mentors.debian.net/debian/pool/main/d/drupal7/drupal7_7.14-2+deb7u19.dsc --abhijith

Re: Wheezy update of drupal7?

2017-06-22 Thread Gunnar Wolf
Raphael Hertzog dijo [Thu, Jun 22, 2017 at 10:55:59AM +0200]: > Hello Gunnar, Hello Raphael, Thanks a lot for your great, invaluable help on LTS! > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of drupal7: > http

Wheezy update of drupal7?

2017-06-22 Thread Raphael Hertzog
Hello Gunnar, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of drupal7: https://security-tracker.debian.org/tracker/CVE-2017-6922 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here

Re: Wheezy update of drupal7?

2016-07-14 Thread Gunnar Wolf
b...@decadent.org.uk dijo [Thu, Jul 14, 2016 at 11:26:04PM +0100]: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of drupal7: > https://security-tracker.debian.org/tracker/CVE-2016-6211 >

Wheezy update of drupal7?

2016-07-14 Thread ben
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of drupal7: https://security-tracker.debian.org/tracker/CVE-2016-6211 Would you like to take care of this yourself? If yes, please follow the workflow we have