drupal7: CVE-2018-7600: SA-CORE-2018-002

Related Vulnerabilities: CVE-2018-7600  

Debian Bug report logs - #894259

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 27 Mar 2018 20:54:09 UTC

Severity: grave

Tags: security, upstream

Found in versions drupal7/7.32-1, drupal7/7.57-1

Fixed in versions drupal7/7.58-1, drupal7/7.52-2+deb9u3, drupal7/7.32-1+deb8u11

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Gunnar Wolf <gwolf@debian.org>:
Bug#894259; Package src:drupal7. (Tue, 27 Mar 2018 20:54:12 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Gunnar Wolf <gwolf@debian.org>. (Tue, 27 Mar 2018 20:54:12 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: drupal7: DRUPAL-PSA-2018-001
Date: Tue, 27 Mar 2018 22:53:44 +0200
Source: drupal7
Version: 7.57-1
Severity: grave
Tags: security upstream

Hi Gunnar,

This bug is to track in Debian https://www.drupal.org/psa-2018-001 .
Since the assigned CVE is not yet known, we have so a Debian BTS
reference.

Regards,
Salvatore



Changed Bug title to 'drupal7: CVE-2018-7600: SA-CORE-2018-002' from 'drupal7: DRUPAL-PSA-2018-001'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 28 Mar 2018 19:09:03 GMT).


Marked as found in versions drupal7/7.32-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 28 Mar 2018 20:21:07 GMT).


Reply sent to Gunnar Wolf <gwolf@debian.org>:
You have taken responsibility. (Thu, 29 Mar 2018 00:09:03 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 29 Mar 2018 00:09:03 GMT).


Message #14 received at 894259-close@bugs.debian.org:

From: Gunnar Wolf <gwolf@debian.org>
To: 894259-close@bugs.debian.org
Subject: Bug#894259: fixed in drupal7 7.58-1
Date: Thu, 29 Mar 2018 00:04:47 +0000
Source: drupal7
Source-Version: 7.58-1

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894259@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf <gwolf@debian.org> (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 12 Mar 2018 12:04:53 -0600
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.58-1
Distribution: unstable
Urgency: high
Maintainer: Gunnar Wolf <gwolf@debian.org>
Changed-By: Gunnar Wolf <gwolf@debian.org>
Description:
 drupal7    - fully-featured content management framework
Closes: 894259
Changes:
 drupal7 (7.58-1) unstable; urgency=high
 .
   * New upstream release
   * Fixes critical security vulnerability SA-CORE-2018-002, CVE-2018-7600.
     (Closes: #894259)
   * Move repository from Alioth to Salsa; update Vcs-Git and Vcs-Browser
     accordingly




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 30 Mar 2018 19:51:14 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 30 Mar 2018 19:51:15 GMT).


Message #19 received at 894259-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 894259-close@bugs.debian.org
Subject: Bug#894259: fixed in drupal7 7.52-2+deb9u3
Date: Fri, 30 Mar 2018 19:47:08 +0000
Source: drupal7
Source-Version: 7.52-2+deb9u3

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894259@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 28 Mar 2018 22:21:14 +0200
Source: drupal7
Binary: drupal7
Architecture: source
Version: 7.52-2+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Gunnar Wolf <gwolf@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 894259
Description: 
 drupal7    - fully-featured content management framework
Changes:
 drupal7 (7.52-2+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * SA-CORE-2018-002: Fix remote code execution vulnerability (CVE-2018-7600)
     (Closes: #894259)




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 30 Mar 2018 19:54:19 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 30 Mar 2018 19:54:19 GMT).


Message #24 received at 894259-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 894259-close@bugs.debian.org
Subject: Bug#894259: fixed in drupal7 7.32-1+deb8u11
Date: Fri, 30 Mar 2018 19:50:56 +0000
Source: drupal7
Source-Version: 7.32-1+deb8u11

We believe that the bug you reported is fixed in the latest version of
drupal7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894259@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated drupal7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 28 Mar 2018 22:30:18 +0200
Source: drupal7
Binary: drupal7
Architecture: all source
Version: 7.32-1+deb8u11
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 894259
Description: 
 drupal7    - fully-featured content management framework
Changes:
 drupal7 (7.32-1+deb8u11) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * SA-CORE-2018-002: Fix remote code execution vulnerability (CVE-2018-7600)
     (Closes: #894259)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 15 Jul 2018 07:30:23 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:52:15 2019; Machine Name: buxtehude
