[Secure-testing-commits] r39914 - data/CVE
Chris Lamb
lamby at moszumanska.debian.org
Thu Feb 25 10:13:55 UTC 2016
Author: lamby
Date: 2016-02-25 10:13:55 +0000 (Thu, 25 Feb 2016)
New Revision: 39914
Modified:
data/CVE/list
Log:
Triage drupal6 for LTS
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-25 10:04:41 UTC (rev 39913)
+++ data/CVE/list 2016-02-25 10:13:55 UTC (rev 39914)
@@ -11,37 +11,44 @@
CVE-2016-XXXX [Brute force amplification attacks via XML-RPC]
- drupal7 <unfixed>
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Open redirect via path manipulation]
- drupal8 <itp> (bug #756305)
- drupal7 <unfixed>
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Form API ignores access restrictions on submit buttons]
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [HTTP header injection using line breaks]
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Open redirect via double-encoded 'destination' parameter]
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Reflected file download vulnerability]
- drupal7 <unfixed>
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles]
- drupal7 <unfixed>
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-XXXX [Email address can be matched to an account]
@@ -53,6 +60,7 @@
CVE-2016-XXXX [Session data truncation can lead to unserialization of user provided data]
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
+ [squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
TODO: check
CVE-2016-2541
More information about the Secure-testing-commits
mailing list