[Secure-testing-commits] r46278 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 17 12:28:04 UTC 2016
Author: carnil
Date: 2016-11-17 12:28:04 +0000 (Thu, 17 Nov 2016)
New Revision: 46278
Modified:
data/CVE/list
Log:
Add drupal issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-17 12:10:38 UTC (rev 46277)
+++ data/CVE/list 2016-11-17 12:28:04 UTC (rev 46278)
@@ -1,3 +1,18 @@
+CVE-2016-XXXX [Denial of service via transliterate mechanism]
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <not-affected> (Only affects Drupal 8)
+ NOTE: https://www.drupal.org/SA-CORE-2016-005
+CVE-2016-XXXX [Confirmation forms allow external URLs to be injected]
+ - drupal7 <unfixed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-005
+CVE-2016-XXXX [Incorrect cache context on password reset page]
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <not-affected> (Only affects Drupal 8)
+ NOTE: https://www.drupal.org/SA-CORE-2016-005
+CVE-2016-XXXX [Inconsistent name for term access query]
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <unfixed>
+ NOTE: https://www.drupal.org/SA-CORE-2016-005
CVE-2016-9399 [jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.]
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
More information about the Secure-testing-commits
mailing list