Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Nov 2016 11:22:09 +0100
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Drupal Security Team <security@...pal.org>
Subject: CVE requests for Drupal core (SA-CORE-2016-005)

Hi

Please can I have CVE IDs assigned to the following Drupal
vulnerabilities (see https://www.drupal.org/SA-CORE-2016-005):

* Inconsistent name for term access query (Drupal 7 and Drupal 8)
* Incorrect cache context on password reset page (Drupal 8)
* Confirmation forms allow external URLs to be injected (Drupal 7)
* Denial of service via transliterate mechanism (Drupal 8)

Thanks

-- 
Pere Orga

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ