[Secure-testing-commits] r36330 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 27 06:19:01 UTC 2015
Author: carnil
Date: 2015-08-27 06:19:01 +0000 (Thu, 27 Aug 2015)
New Revision: 36330
Modified:
data/CVE/list
Log:
CVEs assigned for drupal issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-27 06:13:48 UTC (rev 36329)
+++ data/CVE/list 2015-08-27 06:19:01 UTC (rev 36330)
@@ -10,22 +10,12 @@
RESERVED
CVE-2015-6667
RESERVED
-CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
- TODO: check
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import ...)
TODO: check
CVE-2015-6663 (Cross-site scripting (XSS) vulnerability in the Client form in the ...)
TODO: check
CVE-2015-6662 (XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 ...)
TODO: check
-CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to ...)
- TODO: check
-CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not ...)
- TODO: check
-CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
- TODO: check
-CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
- TODO: check
CVE-2015-6657
RESERVED
CVE-2015-6656
@@ -310,32 +300,32 @@
NOT-FOR-US: Portfolio plugin for WordPress
CVE-2015-6522 (SQL injection vulnerability in the WP Symposium plugin before 15.8 for ...)
NOT-FOR-US: WP Symposium plugin for WordPress
-CVE-2015-XXXX [Information Disclosure in Menu Links - Access system]
+CVE-2015-6661 [Information Disclosure in Menu Links - Access system]
- drupal7 7.39-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-XXXX [Cross-site Request Forgery - Form API]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+CVE-2015-6660 [Cross-site Request Forgery - Form API]
- drupal7 7.39-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-XXXX [SQL Injection - Database API]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+CVE-2015-6659 [SQL Injection - Database API]
- drupal7 7.39-1
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-XXXX [Cross-site Scripting - Autocomplete system]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+CVE-2015-6658 [Cross-site Scripting - Autocomplete system]
- drupal7 7.39-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-XXXX [Cross-site Scripting - Ajax system]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+CVE-2015-6665 [Cross-site Scripting - Ajax system]
- drupal7 7.39-1
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-XXXX [arbitrary code execution via the _self variable]
- twig 1.20.0-1
[jessie] - twig 1.16.2-1+deb8u1
More information about the Secure-testing-commits
mailing list