oss-sec mailing list archives

CVE requests for Drupal core (SA-CORE-2016-005)

From: Pere Orga <pere () orga cat>
Date: Fri, 18 Nov 2016 11:22:09 +0100

Hi

Please can I have CVE IDs assigned to the following Drupal
vulnerabilities (see https://www.drupal.org/SA-CORE-2016-005):

* Inconsistent name for term access query (Drupal 7 and Drupal 8)
* Incorrect cache context on password reset page (Drupal 8)
* Confirmation forms allow external URLs to be injected (Drupal 7)
* Denial of service via transliterate mechanism (Drupal 8)

Thanks

-- 
Pere Orga

Current thread:

CVE requests for Drupal core (SA-CORE-2016-005) Pere Orga (Nov 18)
- Re: CVE requests for Drupal core (SA-CORE-2016-005) cve-assign (Nov 18)