[SECURITY] Fedora 32 Update: drupal8-8.9.11-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-d50d74d6f2 2020-12-15 01:40:25.818763 -------------------------------------------------------------------------------- Name : drupal8 Product : Fedora 32 Version : 8.9.11 Release : 1.fc32 URL : https://www.drupal.org/8 Summary : An open source content management platform Description : Drupal is an open source content management platform powering millions of websites and applications. It���s built, used, and supported by an active and diverse community of people around the world. -------------------------------------------------------------------------------- Update Information: - https://www.drupal.org/project/drupal/releases/8.9.11 - https://www.drupal.org/project/drupal/releases/8.9.10 - https://www.drupal.org/sa-core-2020-013 (CVE-2020-28948 / CVE-2020-28949) - https://www.drupal.org/project/drupal/releases/8.9.9 - https://www.drupal.org/sa-core-2020-012 (CVE-2020-13671) - https://www.drupal.org/project/drupal/releases/8.9.8 - https://www.drupal.org/project/drupal/releases/8.9.7 - https://www.drupal.org/project/drupal/releases/8.9.6 - https://www.drupal.org/sa-core-2020-011 (CVE-2020-13670) - https://www.drupal.org/sa-core-2020-010 (CVE-2020-13669) - https://www.drupal.org/sa-core-2020-009 (CVE-2020-13668) - https://www.drupal.org/sa-core-2020-008 (CVE-2020-13667) - https://www.drupal.org/sa-core-2020-007 (CVE-2020-13666) -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 6 2020 Shawn Iwinski <shawn(a)iwin.ski&gt; - 8.9.11-1 - Update to 8.9.11 (RHBZ #1879681) - https://www.drupal.org/sa-core-2020-007 (CVE-2020-13666) - https://www.drupal.org/sa-core-2020-008 (CVE-2020-13667) - https://www.drupal.org/sa-core-2020-009 (CVE-2020-13668) - https://www.drupal.org/sa-core-2020-010 (CVE-2020-13669) - https://www.drupal.org/sa-core-2020-011 (CVE-2020-13670) - https://www.drupal.org/sa-core-2020-012 (CVE-2020-13671 / RHBZ #1900796) - https://www.drupal.org/sa-core-2020-013 (CVE-2020-28948 / CVE-2020-28949) - License updated from "GPLv2+ and MIT and Public Domain and (GPLv2+ or MPLv1.1+ or LGPLv2+)" to "GPLv2+ and MIT and Public Domain and (GPLv2+ or MPLv1.1 or LGPLv2+)" -------------------------------------------------------------------------------- References: [ 1 ] Bug #1879681 - drupal8-8.9.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1879681 [ 2 ] Bug #1900796 - CVE-2020-13671 drupal8: drupal: improper filename sanitization can lead to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1900796 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d50d74d6f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------