Author: carnil
Date: 2016-03-16 05:25:57 +0000 (Wed, 16 Mar 2016)
New Revision: 40407
Modified: data/CVE/list Log: CVEs assigned for drupal issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-03-16 05:13:32 UTC (rev 40406) +++ data/CVE/list 2016-03-16 05:25:57 UTC (rev 40407) @@ -1609,7 +1609,7 @@ NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision&revision=489 NOTE: https://bugs.exim.org/show_bug.cgi?id=1791 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503 -CVE-2016-XXXX [File upload access bypass and denial of service] +CVE-2016-3162 [File upload access bypass and denial of service] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 @@ -1617,8 +1617,8 @@ NOTE: workaround entry for DSA-3498-1 until/if CVE assigned - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x) NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Brute force amplification attacks via XML-RPC] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3163 [Brute force amplification attacks via XML-RPC] - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 [jessie] - drupal7 7.32-1+deb8u6 @@ -1626,8 +1626,8 @@ - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Open redirect via path manipulation] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3164 [Open redirect via path manipulation] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 
@@ -1636,26 +1636,26 @@ - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Form API ignores access restrictions on submit buttons] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3165 [Form API ignores access restrictions on submit buttons] - drupal7 <not-affected> (Only affects Drupal 6) - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [HTTP header injection using line breaks] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3166 [HTTP header injection using line breaks] - drupal7 <not-affected> (Only affects Drupal 6) - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Open redirect via double-encoded 'destination' parameter] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3167 [Open redirect via double-encoded 'destination' parameter] - drupal7 <not-affected> (Only affects Drupal 6) - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Reflected file download vulnerability] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3168 [Reflected file download vulnerability] - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 [jessie] - drupal7 7.32-1+deb8u6 
@@ -1663,8 +1663,8 @@ - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3169 [Saving user accounts can sometimes grant the user all roles] - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 [jessie] - drupal7 7.32-1+deb8u6 @@ -1672,8 +1672,8 @@ - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Email address can be matched to an account] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3170 [Email address can be matched to an account] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 [wheezy] - drupal7 7.14-2+deb7u12 
@@ -1681,13 +1681,13 @@ NOTE: workaround entry for DSA-3498-1 until/if CVE assigned - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x) NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 -CVE-2016-XXXX [Session data truncation can lead to unserialization of user provided data] + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 +CVE-2016-3171 [Session data truncation can lead to unserialization of user provided data] - drupal7 <not-affected> (Only affects Drupal 6) - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 + NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 CVE-2016-2541 RESERVED CVE-2016-2540 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
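Review bot: In the @@ -1617,8 +1617,8 @@ hunk the leading context line "NOTE: workaround entry for DSA-3498-1 until/if CVE assigned" is left unchanged, although the entry it belongs to now carries CVE-2016-3162, so the note is stale after this commit. The same line is still present as context at the top of the @@ -1681,13 +1681,13 @@ hunk, under the entry that becomes CVE-2016-3170. Suggest deleting both lines in this change, or rewording them if the workaround entry still serves a purpose for DSA-3498-1.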
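Review bot: In the @@ -1636,26 +1636,26 @@ hunk, and in every other entry the patch touches, the "CVE Request:" label is dropped while the URL stays http://www.openwall.com/lists/oss-security/2016/02/24/19, which the removed lines identify as the request post. A bare NOTE no longer says what the link is, and neither the entries nor the log message "CVEs assigned for drupal issues" point at the message that assigned CVE-2016-3162 through CVE-2016-3171. Suggest keeping a short label on the existing NOTE or adding a NOTE that references the assignment source, so the mapping from each bracketed description to its CVE id can be checked later.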