Bug 1312388 (CVE-2016-3162, CVE-2016-3163, CVE-2016-3164, CVE-2016-3165, CVE-2016-3166, CVE-2016-3167, CVE-2016-3168, CVE-2016-3169, CVE-2016-3170, CVE-2016-3171)

Summary: CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CVE-2016-3171 drupal: several issues fixed in 7.43 and 6.38 (SA-CORE-2016-001)
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecified CC: ccoleman, dmcphers, gwync, jialiu, joelsmith, jokerman, jsmith.fedora, lmeyer, mmccomas, peter.borsa, stickster, sven
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: drupal 7.43, drupal 6.38 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 21:15:48 UTC Type: ---
Bug Depends On: 1312390, 1312391, 1312392, 1312394, 1312395    
Bug Blocks:    

Description Andrej Nemec 2016-02-26 15:32:52 UTC
Several issues were fixed in Drupal 7.43 and Drupal 6.38 core modules:

External references:

https://www.drupal.org/SA-CORE-2016-001

Comment 2 Andrej Nemec 2016-02-26 15:34:35 UTC
Created drupal7 tracking bugs for this issue:

Affects: fedora-all [bug 1312391]
Affects: epel-all [bug 1312394]

Comment 3 Andrej Nemec 2016-02-26 15:34:44 UTC
Created drupal6 tracking bugs for this issue:

Affects: fedora-all [bug 1312390]
Affects: epel-all [bug 1312392]

Comment 4 Andrej Nemec 2016-03-16 09:52:50 UTC
CVE assignments:

http://seclists.org/oss-sec/2016/q1/650

Comment 5 Product Security DevOps Team 2020-05-20 21:15:48 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.