CVE-2017-6922

Name: CVE-2017-6922
Description: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-1004-1, DSA-3897-1
Debian Bugs: 756305, 865498

Vulnerable and fixed packages

The table below lists information on source packages.

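| Source Package | Release | Version | Status |
|---|---|---|---|
| drupal7 (PTS) | wheezy | 7.14-2+deb7u12 | vulnerable |
| drupal7 | wheezy (security) | 7.14-2+deb7u16 | fixed |
| drupal7 | jessie (security), jessie | 7.32-1+deb8u9 | fixed |
| drupal7 | stretch (security), stretch | 7.52-2+deb9u1 | fixed |
| drupal7 | buster, sid | 7.56-1 | fixed |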

The information below is based on the following data on fixed versions.

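| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| drupal7 | source | (unstable) | 7.56-1 | | | 865498 |
| drupal7 | source | jessie | 7.32-1+deb8u9 | | DSA-3897-1 | |
| drupal7 | source | stretch | 7.52-2+deb9u1 | | DSA-3897-1 | |
| drupal7 | source | wheezy | 7.14-2+deb7u16 | | DLA-1004-1 | |
| drupal8 | ITP | | | | | 756305 |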

Notes

https://www.drupal.org/SA-CORE-2017-003
http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936
