261506 – www/drupal9 is out of date, affected by CVE-2021-41184

Bug 261506 - www/drupal9 is out of date, affected by CVE-2021-41184

Summary: www/drupal9 is out of date, affected by CVE-2021-41184

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Jose Alonso Cardenas Marquez

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-01-27 08:20 UTC by tech-lists
Modified:	2022-02-02 22:21 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (acm)

Attachments
Upgrade drupal9 to 9.3.3 (140.88 KB, patch) 2022-01-27 18:41 UTC, Cy Schubert	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tech-lists 2022-01-27 08:20:35 UTC

Hi,

The version of drupal9 in ports is 9.2.10 and is affected by
https://www.drupal.org/sa-core-2022-001
https://nvd.nist.gov/vuln/detail/CVE-2021-41184

fixed in
https://www.drupal.org/project/drupal/releases/9.2.11
https://www.drupal.org/project/drupal/releases/9.3.3

Comment 1 Cy Schubert freebsd_committer

2022-01-27 18:41:33 UTC

Created attachment 231392 [details]
Upgrade drupal9 to 9.3.3

This will upgrade drupal9 to 9.3.3.

Comment 2 tech-lists 2022-02-01 13:36:35 UTC

Hi,

thanks for the patch, seems to build ok in poudriere

Comment 3 tech-lists 2022-02-02 00:41:35 UTC

(In reply to Cy Schubert from comment #1)
I should be able to try it tomorrow (ie install it), will report results here

Comment 4 commit-hook freebsd_committer

2022-02-02 22:19:55 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=14719a28bc5ff84048763747f3f680c61a9d983e

commit 14719a28bc5ff84048763747f3f680c61a9d983e
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2022-02-02 22:14:10 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2022-02-02 22:19:22 +0000

    www/drupal9: update to 9.3.4

    ChangeLog at:   https://www.drupal.org/project/drupal/releases/9.3.4
    PR:             260339 261506
    Reported by:    tech-lists _at_ zyxst.net dennis.r.friedrichsen at gmail.com

 www/drupal9/Makefile             |   2 +-
 www/drupal9/distinfo             |   6 +-
 www/drupal9/files/pkg-message.in |   2 +-
 www/drupal9/pkg-plist            | 847 +++++++++++++++++++++++++++++++++++----
 4 files changed, 770 insertions(+), 87 deletions(-)

Comment 5 Jose Alonso Cardenas Marquez freebsd_committer

2022-02-02 22:21:04 UTC

- Committed thanks