[Secure-testing-commits] r40407 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Mar 16 05:25:57 UTC 2016 

Author: carnil
Date: 2016-03-16 05:25:57 +0000 (Wed, 16 Mar 2016)
New Revision: 40407

Modified:
   data/CVE/list
Log:
CVEs assigned for drupal issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-16 05:13:32 UTC (rev 40406)
+++ data/CVE/list	2016-03-16 05:25:57 UTC (rev 40407)
@@ -1609,7 +1609,7 @@
 	NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision&revision=489
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1791
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503
-CVE-2016-XXXX [File upload access bypass and denial of service]
+CVE-2016-3162 [File upload access bypass and denial of service]
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
@@ -1617,8 +1617,8 @@
 	NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
 	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Brute force amplification attacks via XML-RPC]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3163 [Brute force amplification attacks via XML-RPC]
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
 	[jessie] - drupal7 7.32-1+deb8u6
@@ -1626,8 +1626,8 @@
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Open redirect via path manipulation]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3164 [Open redirect via path manipulation]
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
@@ -1636,26 +1636,26 @@
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Form API ignores access restrictions on submit buttons]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3165 [Form API ignores access restrictions on submit buttons]
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [HTTP header injection using line breaks]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3166 [HTTP header injection using line breaks]
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Open redirect via double-encoded 'destination' parameter]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3167 [Open redirect via double-encoded 'destination' parameter]
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Reflected file download vulnerability]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3168 [Reflected file download vulnerability]
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
 	[jessie] - drupal7 7.32-1+deb8u6
@@ -1663,8 +1663,8 @@
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3169 [Saving user accounts can sometimes grant the user all roles]
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
 	[jessie] - drupal7 7.32-1+deb8u6
@@ -1672,8 +1672,8 @@
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Email address can be matched to an account]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3170 [Email address can be matched to an account]
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.43-1
 	[wheezy] - drupal7 7.14-2+deb7u12
@@ -1681,13 +1681,13 @@
 	NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
 	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-XXXX [Session data truncation can lead to unserialization of user provided data]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+CVE-2016-3171 [Session data truncation can lead to unserialization of user provided data]
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-2541
 	RESERVED
 CVE-2016-2540

More information about the Secure-testing-commits mailing list