Bug 265883 - www/drupal9 is out of date, affected by multiple CVEs
Summary: www/drupal9 is out of date, affected by multiple CVEs
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jose Alonso Cardenas Marquez
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-16 16:05 UTC by f451
Modified: 2022-08-20 01:26 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (acm)

Attachments
Update to 9.4.5 (221.48 KB, text/plain)
2022-08-19 07:09 UTC, Wen Heping 		acm: maintainer-approval+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description f451 2022-08-16 16:05:17 UTC 
Hi,

drupal 9.3.21 is available. Our ports version is 9.3.19.

https://www.drupal.org/project/drupal/releases/9.3.20 references
https://github.com/advisories/GHSA-8274-h5jp-97vr (CVE-2022-31109)

https://www.drupal.org/project/drupal/releases/9.3.21 references
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j (CVE-2022-31175)

Please update. many thanks,
Comment 1 Wen Heping freebsd_committer freebsd_triage 2022-08-19 06:56:30 UTC 
I suggest update drupal9 to 9.4.5, and I shall upload the patch.

wen
Comment 2 Wen Heping freebsd_committer freebsd_triage 2022-08-19 07:09:47 UTC 
Created attachment 236008 [details]
Update to 9.4.5

Update to 9.4.5
Comment 3 Jose Alonso Cardenas Marquez freebsd_committer freebsd_triage 2022-08-19 07:11:21 UTC 
Comment on attachment 236008 [details]
Update to 9.4.5

Approved
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-08-20 01:17:12 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=06ed96c90ab5924d922ed6d731f2568a87294522

commit 06ed96c90ab5924d922ed6d731f2568a87294522
Author:     Wen Heping <wen@FreeBSD.org>
AuthorDate: 2022-08-20 01:14:33 +0000
Commit:     Wen Heping <wen@FreeBSD.org>
CommitDate: 2022-08-20 01:14:33 +0000

    www/drupal9: Update to 9.4.5

    PR:             265883
    Reported by:    f451@imap.cc
    Approved by:    maintainer

 www/drupal9/Makefile  |   2 +-
 www/drupal9/distinfo  |   6 +-
 www/drupal9/pkg-plist | 994 +++++++++++++++++++++++++++++++++-----------------
 3 files changed, 660 insertions(+), 342 deletions(-)