--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-6e6d8c314b
2018-04-24 04:01:07.714433
--------------------------------------------------------------------------------
Name : drupal8
Product : Fedora 27
Version : 8.4.6
Release : 3.fc27
URL :
https://www.drupal.org/8
Summary : An open source content management platform
Description :
Drupal is an open source content management platform powering millions of
websites and applications. It���s built, used, and supported by an active and
diverse community of people around the world.
--------------------------------------------------------------------------------
Update Information:
* [
8.4.6](https://www.drupal.org/project/drupal/releases/8.4.6) * [SA-
CORE-2018-002 (
CVE-2018-7600)](https://www.drupal.org/SA-CORE-2018-002) *
[
8.4.5](https://www.drupal.org/project/drupal/releases/8.4.5) * [SA-
CORE-2018-001 (CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 /
CVE-2017-6931)](https://www.drupal.org/SA-CORE-2018-001) *
[
8.4.4](https://www.drupal.org/project/drupal/releases/8.4.4) *
[
8.4.3](https://www.drupal.org/project/drupal/releases/8.4.3) *
[
8.4.2](https://www.drupal.org/project/drupal/releases/8.4.2) *
[
8.4.1](https://www.drupal.org/project/drupal/releases/8.4.1) *
[
8.4.0](https://www.drupal.org/project/drupal/releases/8.4.0) *
[
8.4.0-rc2](https://www.drupal.org/project/drupal/releases/8.4.0-rc2) *
[
8.4.0-rc1](https://www.drupal.org/project/drupal/releases/8.4.0-rc1) *
[
8.4.0-beta1](https://www.drupal.org/project/drupal/releases/8.4.0-beta1) *
[
8.4.0-alpha1](https://www.drupal.org/project/drupal/releases/8.4.0-alpha1)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 9 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-3
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
- Add php-composer(symfony/config) dependency
* Sat Mar 31 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-2
- Fix autoload of symfony/psr-http-message-bridge and symfony-cmf/routing
- Add conflict when Twig v2 is installed
* Wed Mar 28 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.6-1
- Update to 8.4.6 (SA-CORE-2018-002 / CVE-2018-7600)
- Make scripts' dependencies match Drupal Symfony version constraints
* Wed Mar 14 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.4.5-1
- Update to 8.4.5 (RHBZ #1548187 / RHBZ #1548188 / RHBZ #1548189 /
RHBZ #1548192 / RHBZ #1548323 / RHBZ #1548325 / SA-CORE-2018-001 /
CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.3.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561855 - CVE-2018-7600 drupal8: drupal: Unsanitized requests allow remote
attackers to execute arbitrary code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1561855
[ 2 ] Bug #1548325 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929
CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed
in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548325
[ 3 ] Bug #1548192 - drupal8: drupal: JavaScript cross-site scripting in checkPlain
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548192
[ 4 ] Bug #1548188 - drupal8: drupal: Comment reply form allows access to restricted
content [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-6e6d8c314b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------