Bug 265883

Summary:

www/drupal9 is out of date, affected by multiple CVEs

Product:

Ports & Packages

Reporter:

f451 <f451>

Component:

Individual Port(s)

Assignee:

Jose Alonso Cardenas Marquez <acm>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

wen

Priority:

---

Flags:

bugzilla: maintainer-feedback? (acm)

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Update to 9.4.5	acm: maintainer-approval+

Description f451 2022-08-16 16:05:17 UTC

Hi,

drupal 9.3.21 is available. Our ports version is 9.3.19.

https://www.drupal.org/project/drupal/releases/9.3.20 references
https://github.com/advisories/GHSA-8274-h5jp-97vr (CVE-2022-31109)

https://www.drupal.org/project/drupal/releases/9.3.21 references
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j (CVE-2022-31175)

Please update. many thanks,

Comment 1 Wen Heping freebsd_committer

2022-08-19 06:56:30 UTC

I suggest update drupal9 to 9.4.5, and I shall upload the patch.

wen

Comment 2 Wen Heping freebsd_committer

2022-08-19 07:09:47 UTC

Created attachment 236008 [details]
Update to 9.4.5

Update to 9.4.5

Comment 3 Jose Alonso Cardenas Marquez freebsd_committer

2022-08-19 07:11:21 UTC

Comment on attachment 236008 [details]
Update to 9.4.5

Approved

Comment 4 commit-hook freebsd_committer

2022-08-20 01:17:12 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=06ed96c90ab5924d922ed6d731f2568a87294522

commit 06ed96c90ab5924d922ed6d731f2568a87294522
Author:     Wen Heping <wen@FreeBSD.org>
AuthorDate: 2022-08-20 01:14:33 +0000
Commit:     Wen Heping <wen@FreeBSD.org>
CommitDate: 2022-08-20 01:14:33 +0000

    www/drupal9: Update to 9.4.5

    PR:             265883
    Reported by:    f451@imap.cc
    Approved by:    maintainer

 www/drupal9/Makefile  |   2 +-
 www/drupal9/distinfo  |   6 +-
 www/drupal9/pkg-plist | 994 +++++++++++++++++++++++++++++++++-----------------
 3 files changed, 660 insertions(+), 342 deletions(-)