[Secure-testing-commits] r52797 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 22 03:30:19 UTC 2017
Author: carnil
Date: 2017-06-22 03:30:19 +0000 (Thu, 22 Jun 2017)
New Revision: 52797
Modified:
data/CVE/list
Log:
Add CVE-2017-962{0,1,2}/drupal*
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-22 03:25:26 UTC (rev 52796)
+++ data/CVE/list 2017-06-22 03:30:19 UTC (rev 52797)
@@ -8534,12 +8534,19 @@
RESERVED
CVE-2017-6923
RESERVED
-CVE-2017-6922
+CVE-2017-6922 [Files uploaded by anonymous users into a private file system can be accessed by other anonymous users]
RESERVED
-CVE-2017-6921
+ - drupal8 <itp> (bug #756305)
+ - drupal7 <unfixed>
+ NOTE: https://www.drupal.org/SA-CORE-2017-003
+CVE-2017-6921 [File REST resource does not properly validate]
RESERVED
-CVE-2017-6920
+ - drupal8 <itp> (bug #756305)
+ NOTE: https://www.drupal.org/SA-CORE-2017-003
+CVE-2017-6920 [PECL YAML parser unsafe object handling]
RESERVED
+ - drupal8 <itp> (bug #756305)
+ NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-002
More information about the Secure-testing-commits
mailing list