Date: Wed, 28 Sep 2016 21:51:03 +0200 From: Pere Orga <pere@...a.cat> To: oss-security@...ts.openwall.com Cc: Drupal Security Team <security@...pal.org> Subject: CVE Requests for Drupal Core - SA-CORE-2016-004 Hi Please can I have CVE IDs assigned to the following Drupal vulnerabilities (see https://www.drupal.org/SA-CORE-2016-004): Users without "Administer comments" can set comment visibility on nodes they can edit Cross-site Scripting in http exceptions Full config export can be downloaded without administrative permissions Versions affected are all Drupal 8.x versions prior to 8.1.10. Thanks -- Pere Orga on behalf of the Drupal Security team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.