oss-sec mailing list archives

CVE requests for Drupal Core - SA-CORE-2016-002

From: Pere Orga <pere () orga cat>
Date: Wed, 13 Jul 2016 10:12:23 +0200

Hi

Please can I have CVE IDs assigned to the following Drupal
vulnerabilities (see https://www.drupal.org/SA-CORE-2016-002):

Saving user accounts can sometimes grant the user all roles (User
module - Drupal 7 - Moderately Critical)
Views can allow unauthorized users to see Statistics information
(Views module - Drupal 8 - Less Critical)

And for the Views contrib module (SA-CONTRIB-2016-036)
https://www.drupal.org/node/2749333

Thanks
Pere Orga on behalf of the Drupal Security team

Current thread:

CVE requests for Drupal Core - SA-CORE-2016-002 Pere Orga (Jul 13)
- Re: CVE requests for Drupal Core - SA-CORE-2016-002 cve-assign (Jul 13)