Date: Sat, 18 Apr 2020 04:13:41 +0000 (UTC)
From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r531995 - head/security/vuxml
Message-ID: <202004180413.03I4Dfv1002329@repo.freebsd.org>
Author: acm Date: Sat Apr 18 04:13:40 2020 New Revision: 531995 URL: https://svnweb.freebsd.org/changeset/ports/531995 Log: - Add www/drupal8 entry Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Apr 18 02:58:15 2020 (r531994) +++ head/security/vuxml/vuln.xml Sat Apr 18 04:13:40 2020 (r531995) @@ -58,6 +58,40 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e24fd421-8128-11ea-aa57-000ffec73f06"> + <topic>drupal -- Drupal Core - Moderately critical - Third-party library</topic> + <affects> + <package> + <name>drupal8</name> + <range><lt>8.8.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Drupal Security Team reports:</p> + <blockquote cite="https://www.drupal.org/sa-core-2020-001"> + <p>The Drupal project uses the third-party library CKEditor, which has + released a security improvement that is needed to protect some + Drupal configurations.</p> + <p>Vulnerabilities are possible if Drupal is configured to use the + WYSIWYG CKEditor for your site's users. An attacker that can createor + edit content may be able to exploit this Cross Site Scripting (XSS) + vulnerability to target users with access to the WYSIWYG CKEditor, + and this may include site admins with privileged access.</p> + <p>The latest versions of Drupal update CKEditor to 4.14 to mitigate + the vulnerabilities.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.drupal.org/sa-core-2020-001</url> + </references> + <dates> + <discovery>2020-03-18</discovery> + <entry>2020-04-17</entry> + </dates> + </vuln> + <vuln vid="ae2e7871-80f6-11ea-bafd-815569f3852d"> <topic>ansible - Vault password leak from temporary file</topic> <affects>
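Review bot: The second quoted paragraph of the new drupal8 entry contains a run-together word, "An attacker that can createor", which should read "create or". Because the blockquote cites https://www.drupal.org/sa-core-2020-001, re-copy that sentence from the advisory so the quotation matches its source. In the same entry, <affects> lists only the drupal8 package with <lt>8.8.4</lt>, while the topic says "drupal" generically and the file's own notes in the context lines remind committers not to forget port variants. Please confirm that no other Drupal port needs its own <package> block here, or make the topic specific to drupal8. The <references> block carries only the advisory URL; if a CVE identifier has been assigned for the CKEditor issue, adding it would let tools that match on CVE names pick up this entry.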