Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 27 Aug 2015 13:31:54 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: Re: CVEs requests for Drupal Core (SA-CORE-2015-003)

Hi Salvatore

On Thu, Aug 27, 2015 at 8:29 AM, Salvatore Bonaccorso <carnil@...ian.org> wrote:
> Hi Pere
>
> On Fri, Aug 21, 2015 at 07:53:29PM +0200, Pere Orga wrote:
>> Please can I have CVE IDs assigned to the following vulnerabilities:
>>
>> Cross-site Scripting - Ajax system - Drupal 7
>> Cross-site Scripting - Autocomplete system - Drupal 6 and 7
>> SQL Injection - Database API - Drupal 7
>> Cross-site Request Forgery - Form API - Drupal 6 and 7
>> Information Disclosure in Menu Links - Access system - Drupal 6 and 7
>>
>> See https://www.drupal.org/SA-CORE-2015-003 for details.
>
> For reference: Looks like these five CVEs were assigned:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6658
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6659
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6660
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6661
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6665
>

Updated on our side, thanks.

Regards
Pere

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ