Drupal unpatched for several years, needs to be updated or removed
Bug #1766664 reported by
Matt Forrest
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| drupal7 (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
This Drupal package has not been updated in several years! We just got hit by the "drupalgeddon 2.0" issue after assuming Ubuntu would keep this package up-to-date.
CVE-2018-7600
https:/
Please sync with Debian, Drupal or REMOVE this package from the repo!
CVE References
Revision history for this message
| Emily Ratliff (emilyr) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in drupal7 (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Michael Hess (Drupal) (mlhess-drupal) wrote | #2 |
To post a comment you must log in.
Matt, I am very sorry that you were hit by drupalgeddon 2.0. drupal7 is community supported in Ubuntu which means that it only gets updated when an Ubuntu community member supplies a debdiff.
You can check the support status of packages on your system by running ubuntu-
$ ubuntu-
will show you the list of installed packages on your system that are not receiving security maintenance from the Ubuntu Security Team.
You can also view the support status of an individual package by viewing the package's page in Launchpad. For drupal7 it is
https:/
The "release (universe)" indicator shows that it is community supported.
If you are using Ubuntu 14.04 or 16.04, you can use the drush tool to update drupal using the guidance on the drupal website: https:/
drupal has been removed from the archive starting with 18.04 LTS.
I'm sorry that you experienced drupalgeddon 2.0.