--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-8fd924a53d
2018-05-09 21:21:50.031719
--------------------------------------------------------------------------------
Name : drupal8
Product : Fedora 28
Version : 8.4.8
Release : 1.fc28
URL :
https://www.drupal.org/8
Summary : An open source content management platform
Description :
Drupal is an open source content management platform powering millions of
websites and applications. It���s built, used, and supported by an active and
diverse community of people around the world.
--------------------------------------------------------------------------------
Update Information:
-
https://www.drupal.org/project/drupal/releases/8.4.8 -
https://www.drupal.org/SA-CORE-2018-004 -
https://www.drupal.org/project/drupal/releases/8.4.7 -
https://www.drupal.org/sa-core-2018-003 RPM update: `drupal8-rpmbuild` package
dependencies fixed
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 25 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.8-1
- Update to 8.4.8 (SA-CORE-2018-004 / CVE-2018-7602 / SA-CORE-2018-003 /
CVE-2018-9861)
- Add composer.json files to repo
- Fix "rpmbuild" subpackage by adding range version dependencies for
Fedora >= 27 || RHEL >= 8
* Mon Apr 9 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-3
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
- Add php-composer(symfony/config) dependency
* Sat Mar 31 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-2
- Fix autoload of symfony/psr-http-message-bridge and symfony-cmf/routing
- Add conflict when Twig v2 is installed
* Wed Mar 28 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-1
- Update to 8.4.6 (SA-CORE-2018-002 / CVE-2018-7600)
- Make scripts' dependencies match Drupal Symfony version constraints
* Wed Mar 14 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.5-1
- Update to 8.4.5 (RHBZ #1548187 / RHBZ #1548188 / RHBZ #1548189 /
RHBZ #1548192 / RHBZ #1548323 / RHBZ #1548325 / SA-CORE-2018-001 /
CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572101 - CVE-2018-7602 drupal8: drupal: Remote code execution vulnerability
SA-CORE-2018-004 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1572101
[ 2 ] Bug #1571597 - drupal8-rpmbuild missing dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1571597
[ 3 ] Bug #1569830 - CVE-2018-9861 drupal8: ckeditor: Cross-site scripting (XSS)
vulnerability when using image2 plugin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1569830
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-8fd924a53d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------