AVG-74

Package:  drupal
Status:   Fixed
Severity: Medium
Type:     multiple issues
Affected: 8.2.2-1
Fixed:    8.2.3-1
Current:  8.4.5-1 [community]
Ticket:   None
Created:  Sat Nov 19 20:44:58 2016

Issue          Severity  Remote  Type                    Description
CVE-2016-9452  Medium    Yes     Denial of service       A specially crafted URL can cause a denial of service via the transliterate mechanism.
CVE-2016-9450  Low       Yes     Content spoofing        The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
CVE-2016-9449  Low       Yes     Information disclosure  Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict...

Date         Advisory       Package  Description
19 Nov 2016  ASA-201611-20  drupal   multiple issues

References
https://www.drupal.org/SA-CORE-2016-005
http://www.openwall.com/lists/oss-security/2016/11/18/8