Author: carnil
Date: 2016-02-25 08:18:16 +0000 (Thu, 25 Feb 2016)
New Revision: 39910

Modified:
   data/CVE/list
Log:
Split up drupal item

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-02-25 08:14:06 UTC (rev 39909)
+++ data/CVE/list       2016-02-25 08:18:16 UTC (rev 39910)
@@ -1,7 +1,56 @@
-CVE-2016-XXXX [SA-CORE-2016-001]
+CVE-2016-XXXX [File upload access bypass and denial of service]
+       - drupal8 <itp> (bug #756305)
        - drupal7 <unfixed>
+       - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Brute force amplification attacks via XML-RPC]
+       - drupal7 <unfixed>
        - drupal6 <removed>
        NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Open redirect via path manipulation]
+       - drupal8 <itp> (bug #756305)
+       - drupal7 <unfixed>
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Form API ignores access restrictions on submit buttons]
+       - drupal7 <not-affected> (Only affects Drupal 6)
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [HTTP header injection using line breaks]
+       - drupal7 <not-affected> (Only affects Drupal 6)
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Open redirect via double-encoded 'destination' parameter]
+       - drupal7 <not-affected> (Only affects Drupal 6)
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Reflected file download vulnerability]
+       - drupal7 <unfixed>
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles]
+       - drupal7 <unfixed>
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Email address can be matched to an account]
+       - drupal8 <itp> (bug #756305)
+       - drupal7 <unfixed>
+       - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
+CVE-2016-XXXX [Session data truncation can lead to unserialization of user 
provided data]
+       - drupal7 <not-affected> (Only affects Drupal 6)
+       - drupal6 <removed>
+       NOTE: https://www.drupal.org/SA-CORE-2016-001
+       TODO: check
 CVE-2016-2541
        RESERVED
 CVE-2016-2540
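
Review bot: The entries "Brute force amplification attacks via XML-RPC", "Reflected file download vulnerability" and "Saving user accounts can sometimes grant the user all roles" list only drupal7 and drupal6 and give no indication of whether drupal8 is in scope. Every other entry either carries `- drupal8 <itp> (bug #756305)` or states its scope in a parenthetical ("Only affects Drupal 6", "Only affects Drupal 7.x and Drupal 8.x"). When resolving the `TODO: check` markers, add either the drupal8 line or a NOTE recording that Drupal 8 is not affected, so the omission reads as a decision rather than an oversight. Since all ten entries share the placeholder `CVE-2016-XXXX` and the same NOTE URL, the bracketed description is the only thing tying each entry to its part of SA-CORE-2016-001, so keep those titles matching the advisory's wording.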


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
