[Secure-testing-commits] r39910 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 25 08:18:16 UTC 2016
Author: carnil
Date: 2016-02-25 08:18:16 +0000 (Thu, 25 Feb 2016)
New Revision: 39910
Modified:
data/CVE/list
Log:
Split up drupal item
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-25 08:14:06 UTC (rev 39909)
+++ data/CVE/list 2016-02-25 08:18:16 UTC (rev 39910)
@@ -1,7 +1,56 @@
-CVE-2016-XXXX [SA-CORE-2016-001]
+CVE-2016-XXXX [File upload access bypass and denial of service]
+ - drupal8 <itp> (bug #756305)
- drupal7 <unfixed>
+ - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Brute force amplification attacks via XML-RPC]
+ - drupal7 <unfixed>
- drupal6 <removed>
NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Open redirect via path manipulation]
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <unfixed>
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Form API ignores access restrictions on submit buttons]
+ - drupal7 <not-affected> (Only affects Drupal 6)
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [HTTP header injection using line breaks]
+ - drupal7 <not-affected> (Only affects Drupal 6)
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Open redirect via double-encoded 'destination' parameter]
+ - drupal7 <not-affected> (Only affects Drupal 6)
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Reflected file download vulnerability]
+ - drupal7 <unfixed>
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles]
+ - drupal7 <unfixed>
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Email address can be matched to an account]
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <unfixed>
+ - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
+CVE-2016-XXXX [Session data truncation can lead to unserialization of user provided data]
+ - drupal7 <not-affected> (Only affects Drupal 6)
+ - drupal6 <removed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-001
+ TODO: check
CVE-2016-2541
RESERVED
CVE-2016-2540
More information about the Secure-testing-commits
mailing list