'Re: [oss-security] CVE request: Drupal Data-module multiple'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Drupal Data-module multiple
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-07-26 19:32:26
Message-ID: 1594226822.1603980.1311708746578.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- Original Message -----
> These issues does not have CVE-identifiers. Could we get one?
> 
> http://seclists.org/fulldisclosure/2011/Feb/219
> 
> I asked from Justin Klein Keane and he wasn't aware of CVE-identifier.
> I think this needs identifier even this is an alpha release as this
> module is used by some production instances. If I am correct two
> identifiers should be enough. One for XSS and another for SQL
> injections.
> 
> Discussion about the issue: http://drupal.org/node/1056470
> 

Please use CVE-2011-2714 for the XSS.

CVE-2011-2715 is for the SQL injection.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic