svn commit: r445161 - head/security/vuxml
Jose Alonso Cardenas Marquez
acm at FreeBSD.org
Thu Jul 6 18:47:14 UTC 2017
Author: acm
Date: Thu Jul 6 18:47:12 2017
New Revision: 445161
URL: https://svnweb.freebsd.org/changeset/ports/445161
Log:
- Document new vulnerabilities in www/drupal8 < 8.3.4
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jul 6 18:29:33 2017 (r445160)
+++ head/security/vuxml/vuln.xml Thu Jul 6 18:47:12 2017 (r445161)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4fc2df49-6279-11e7-be0f-6cf0497db129">
+ <topic>drupal8 -- Drupal Core - Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.3.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team Reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2017-003">
+ <p>CVE-2017-6920: PECL YAML parser unsafe object handling.</p>
+ <p>CVE-2017-6921: File REST resource does not properly validate</p>
+ <p>CVE-2017-6922: Files uploaded by anonymous users into a private
+ file system can be accessed by other anonymous users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6920</cvename>
+ <cvename>CVE-2017-6921</cvename>
+ <cvename>CVE-2017-6922</cvename>
+ </references>
+ <dates>
+ <discovery>2017-06-21</discovery>
+ <entry>2017-07-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="60931f98-55a7-11e7-8514-589cfc0654e1">
<topic>Dropbear -- two vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list