FEDORA-EPEL-2022-a55cc9e04f
Packages in this update:
stb-0-0.8.20211022gitaf1a5bc.el8
Update description:
Security fix for CVE-2022-28041
stb-0-0.8.20211022gitaf1a5bc.el8
Security fix for CVE-2022-28041
gopass-1.14.0-2.fc37
Automatic update for gopass-1.14.0-2.fc37.
* Wed Apr 20 2022 laiot <carmelo.sarta.main@gmail.com> 1.14.0-1
– Updated package version to 1.14.0
* Sat Apr 16 2022 Fabio Alessandro Locati <me@fale.io> 1.13.1-2
– Rebuilt for CVE-2022-27191
stb-0^20210910gitaf1a5bc-0.2.el9
Security fix for CVE-2022-28041
stb-0^20210910gitaf1a5bc-0.2.fc34
Security fix for CVE-2022-28041
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content.
This vulnerability only affects sites using Drupal’s revision system.
This advisory is not covered by Drupal Steward.
Install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.12.
All releases prior to Drupal 9.3 (including Drupal 7) are not affected.
Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms.
This advisory is not covered by Drupal Steward.
Install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.12.
If you are using Drupal 9.2, update to Drupal 9.2.18.
All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Drupal 7 is not affected.
stb-0^20210910gitaf1a5bc-0.2.fc35
Security fix for CVE-2022-28041
stb-0^20210910gitaf1a5bc-0.2.fc36
Security fix for CVE-2022-28041
stb-0^20210910gitaf1a5bc-0.2.fc37
Automatic update for stb-0^20210910gitaf1a5bc-0.2.fc37.
* Wed Apr 20 2022 Benjamin A. Beasley <code@musicinmybrain.net> 0^20210910gitaf1a5bc-0.2
– Security fix for CVE-2022-28041 (fix RHBZ#2077020, fix RBHZ#2077019)
Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.