Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 27 Aug 2015 08:29:38 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>,
	CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: CVEs requests for Drupal Core (SA-CORE-2015-003)

Hi Pere

On Fri, Aug 21, 2015 at 07:53:29PM +0200, Pere Orga wrote:
> Please can I have CVE IDs assigned to the following vulnerabilities:
> 
> Cross-site Scripting - Ajax system - Drupal 7
> Cross-site Scripting - Autocomplete system - Drupal 6 and 7
> SQL Injection - Database API - Drupal 7
> Cross-site Request Forgery - Form API - Drupal 6 and 7
> Information Disclosure in Menu Links - Access system - Drupal 6 and 7
> 
> See https://www.drupal.org/SA-CORE-2015-003 for details.

For reference: Looks like these five CVEs were assigned:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6665

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ