AVG-74 log

Package	drupal
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	8.2.2-1
Fixed	8.2.3-1
Current	10.2.4-1 [extra]
Ticket	None
Created	Sat Nov 19 20:44:58 2016

Issue	Severity	Remote	Type	Description
CVE-2016-9452	Medium	Yes	Denial of service	A specially crafted URL can cause a denial of service via the transliterate mechanism.
CVE-2016-9450	Low	Yes	Content spoofing	The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
CVE-2016-9449	Low	Yes	Information disclosure	Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...

Issue

Severity

Remote

Type

Description

CVE-2016-9452

Medium

Yes

Denial of service

A specially crafted URL can cause a denial of service via the transliterate mechanism.

CVE-2016-9450

Low

Yes

Content spoofing

The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.

CVE-2016-9449

Low

Yes

Information disclosure

Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...

Date	Advisory	Package	Type
19 Nov 2016	ASA-201611-20	drupal	multiple issues

References
https://www.drupal.org/SA-CORE-2016-005 http://www.openwall.com/lists/oss-security/2016/11/18/8