Candidate: CVE-2016-6211
PublicDate: 2016-09-09 14:05:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6211
 https://www.drupal.org/SA-CORE-2016-002
 http://www.openwall.com/lists/oss-security/2016/07/13/4
Description:
 The User module in Drupal 7.x before 7.44 allows remote authenticated users
 to gain privileges via vectors involving contributed or custom code that
 triggers a rebuild of the user profile form.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_drupal6:
upstream_drupal6: needs-triage
precise_drupal6: ignored (reached end-of-life)
precise/esm_drupal6: DNE (precise was needs-triage)
trusty_drupal6: DNE
trusty/esm_drupal6: DNE
vivid/ubuntu-core_drupal6: DNE
vivid/stable-phone-overlay_drupal6: DNE
wily_drupal6: DNE
xenial_drupal6: DNE
yakkety_drupal6: DNE
zesty_drupal6: DNE
artful_drupal6: DNE
bionic_drupal6: DNE
cosmic_drupal6: DNE
disco_drupal6: DNE
eoan_drupal6: DNE
focal_drupal6: DNE
groovy_drupal6: DNE
hirsute_drupal6: DNE
impish_drupal6: DNE
jammy_drupal6: DNE
devel_drupal6: DNE

Patches_drupal7:
upstream_drupal7: released (7.44-1)
precise_drupal7: ignored (reached end-of-life)
precise/esm_drupal7: DNE (precise was needed)
trusty_drupal7: ignored (reached end-of-life)
trusty/esm_drupal7: DNE (trusty was needed)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: ignored (reached end-of-life)
xenial_drupal7: ignored (end of standard support, was needed)
yakkety_drupal7: not-affected (7.44-1ubuntu1)
zesty_drupal7: not-affected (7.44-1ubuntu1)
artful_drupal7: not-affected (7.44-1ubuntu1)
bionic_drupal7: DNE
cosmic_drupal7: DNE
disco_drupal7: DNE
eoan_drupal7: DNE
focal_drupal7: DNE
groovy_drupal7: DNE
hirsute_drupal7: DNE
impish_drupal7: DNE
jammy_drupal7: DNE
devel_drupal7: DNE