[Secure-testing-commits] r40409 - in data: CVE DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 16 05:31:39 UTC 2016
Author: carnil
Date: 2016-03-16 05:31:39 +0000 (Wed, 16 Mar 2016)
New Revision: 40409
Modified:
data/CVE/list
data/DSA/list
Log:
Move CVEs fixed in DSA-3498-1/drupal7 to DSA list
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-16 05:27:06 UTC (rev 40408)
+++ data/CVE/list 2016-03-16 05:31:39 UTC (rev 40409)
@@ -1612,17 +1612,11 @@
CVE-2016-3162 [File upload access bypass and denial of service]
- drupal8 <itp> (bug #756305)
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
NOTE: https://www.drupal.org/SA-CORE-2016-001
NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3163 [Brute force amplification attacks via XML-RPC]
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
@@ -1630,9 +1624,6 @@
CVE-2016-3164 [Open redirect via path manipulation]
- drupal8 <itp> (bug #756305)
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
@@ -1657,18 +1648,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3168 [Reflected file download vulnerability]
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3169 [Saving user accounts can sometimes grant the user all roles]
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
@@ -1676,9 +1661,6 @@
CVE-2016-3170 [Email address can be matched to an account]
- drupal8 <itp> (bug #756305)
- drupal7 7.43-1
- [wheezy] - drupal7 7.14-2+deb7u12
- [jessie] - drupal7 7.32-1+deb8u6
- NOTE: workaround entry for DSA-3498-1 until/if CVE assigned
- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
NOTE: https://www.drupal.org/SA-CORE-2016-001
NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-03-16 05:27:06 UTC (rev 40408)
+++ data/DSA/list 2016-03-16 05:31:39 UTC (rev 40409)
@@ -74,6 +74,7 @@
{CVE-2016-0740 CVE-2016-0775 CVE-2016-2533}
[jessie] - pillow 2.6.1-2+deb8u2
[28 Feb 2016] DSA-3498-1 drupal7 - security update
+ {CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170}
[wheezy] - drupal7 7.14-2+deb7u12
[jessie] - drupal7 7.32-1+deb8u6
[28 Feb 2016] DSA-3497-1 php-horde - security update
More information about the Secure-testing-commits
mailing list