Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Nov 2016 11:22:09 +0100
From: Pere Orga <>
Cc: Drupal Security Team <>
Subject: CVE requests for Drupal core (SA-CORE-2016-005)


Please can I have CVE IDs assigned to the following Drupal
vulnerabilities (see

* Inconsistent name for term access query (Drupal 7 and Drupal 8)
* Incorrect cache context on password reset page (Drupal 8)
* Confirmation forms allow external URLs to be injected (Drupal 7)
* Denial of service via transliterate mechanism (Drupal 8)


Pere Orga

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ