Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update

Package:drupal7

CVE ID:暂无

  Drupal是一个功能丰富的CMS,它的文件模块中没有对输入过滤可能会导致XSS。

  关于该漏洞的更多信息,请参考官方公告:https://www.drupal.org/sa-co-2019-004

  这个问题在7.52-2+deb9u7版本中得到了修复。

  有关drupal7的详细安全情况,请参考它的安全跟踪页面: https://securtracker.debian.org/tracker/drupal7

--------------------

Debian Security Advisory DSA-4412-1 drupal7 security update

Package        : drupal7
CVE ID         : not yet available

It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.

For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-004.

This problem has been fixed in version 7.52-2+deb9u7.

For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7

Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update的更多相关文章

  1. Debian Security Advisory(Debian安全报告) DSA-4416-1 wireshark security update

    Debian Security Advisory(Debian安全报告) DSA-4416-1 wireshark security update Package:wireshark CVE ID : ...

  2. Debian Security Advisory(Debian安全报告) DSA-4415-1 passenger security update

    Debian Security Advisory(Debian安全报告) DSA-4415-1  passenger security update Package : passenger CVE I ...

  3. Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update

    Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update Package:l ...

  4. Debian Security Advisory(Debian安全报告) DSA-4411-1 firefox-esr security update

    Debian Security Advisory(Debian安全报告) DSA-4411-1  firefox-esr security update Package :firefox-esr CV ...

  5. Debian Security Advisory(Debian安全报告) DSA-4410-1 openjdk-8 security update

    Debian Security Advisory(Debian安全报告) DSA-4410-1 openjdk-8 security update Package :openjdk-8 CVE ID: ...

  6. Debian Security Advisory(Debian安全报告) DSA-4403-1 php7.0

    Package        : php7.0 CVE ID         : 还未申请 在广泛使用的开放源码通用脚本语言PHP中发现了多个安全问题:EXIF扩展存在多个无效内存访问的情况,并且发现 ...

  7. Debian Security Advisory(Debian安全报告) DSA-4407-1 xmltooling

    Package        : xmltooling CVE ID         : CVE-2019-9628 Ross Geerlings发现xmltools库没有正确处理关于错误(畸形)XM ...

  8. Debian Security Advisory(Debian安全报告) DSA-4406-1 waagent

    Package        : waagentCVE ID         : CVE-2019-0804 Francis McBratney发现Windows Azure Linux代理创建了具有 ...

  9. Debian Security Advisory(Debian安全报告) DSA-4404-1 chromium

    Package : chromium CVE ID : CVE-2019-5786 Clement Lecigne在chromium的文件读取器实现中发现了一个use-after-free(释放后重用 ...

随机推荐

  1. Codeforces Round #493 (Div. 2)

    C - Convert to Ones 给你一个01串 x是反转任意子串的代价 y是将子串全部取相反的代价 问全部变成1的最小代价 两种可能 一种把1全部放到一边 然后把剩下的0变成1  要么把所有的 ...

  2. Linux:文件系统层次结构标准(Filesystem Hierarchy Standard)

    Linux FHS_2.3标准文档:http://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.pdf

  3. NoSQL还是SQL?这一篇讲清楚

    https://mp.weixin.qq.com/s?__biz=MzAwMDU1MTE1OQ==&mid=2653550127&idx=1&sn=93f79e007d757a ...

  4. Git错误汇总

    Git提示rejected To github.com:zhuxiaoxi/Web-Demo.git ! [rejected] master -> master (fetch first) er ...

  5. SWOT分析法——进行项目管理的高效方法

    SWOT分析法是什么 SWOT分析法,即态势分析法,就是将与研究对象密切相关的各种主要内部优势.劣势和外部的机会和威胁等,通过调查列举出来,并依照矩阵形式排列,然后用系统分析的思想,把各种因素相互匹配 ...

  6. R语音:解决cor.test报错的 'y'必需是数值矢量

    'y'必需是数值矢量,产生该类报错可能是含有NA值. 只需要在该数值上加入as.double函数即可.见下命令: ##先测试是不是数值型 is.numeric(data[,2]) #[1] FALSE ...

  7. Adapter的getView

    http://blog.csdn.net/yelbosh/article/details/7831812 BaseAdapter就Android应用程序中经常用到的基础数据适配器,它的主要用途是将一组 ...

  8. Android Studio项目引入外部库注意事项(zxing)

    1.复制到app同级目录下,zxing: 2.在项目根目录下的settings.gradle下添加第三方库目录 4.在app/build.gradle下添加编译依赖 compile project(p ...

  9. 点赞功能与redis的相遇

    https://www.jianshu.com/p/2ab76d5bde71 或者 https://kikoroc.com/2016/06/07/dev-like-function-with-redi ...

  10. hystrix项目实战

    闲话少说: 总共分6步: (1)添加hystrix依赖以及监控的依赖 <dependency> <groupId>org.springframework.cloud</g ...