Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update

Package：drupal7

CVE ID：暂无

　　Drupal是一个功能丰富的CMS，它的文件模块中没有对输入过滤可能会导致XSS。

　　关于该漏洞的更多信息，请参考官方公告：https://www.drupal.org/sa-co-2019-004。

　　这个问题在7.52-2+deb9u7版本中得到了修复。

　　有关drupal7的详细安全情况，请参考它的安全跟踪页面: https://securtracker.debian.org/tracker/drupal7

--------------------

Debian Security Advisory DSA-4412-1 drupal7 security update

Package        : drupal7
CVE ID         : not yet available

It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.

For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-004.

This problem has been fixed in version 7.52-2+deb9u7.

For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7