[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request for Drupal contributed modules
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-11-29 3:20:27
Message-ID: 50B6D47B.2090201 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2012 05:07 PM, Forest Monsen wrote:
> Here's a batch CVE request for several previously published and 
> resolved issues (except for SA-CONTRIB-2012-171, which was never 
> resolved) in contributed modules for the Drupal project:
> 
> ###
> 
> SA-CONTRIB-2012-166 - Table of Contents - Access Bypass 
> http://drupal.org/node/1841046

Please use CVE-2012-5584 for this issue.

> SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS) 
> http://drupal.org/node/1853198

Please use CVE-2012-5585 for this issue.

> SA-CONTRIB-2012-168 - Services - Information Disclosure 
> http://drupal.org/node/1853200

Please use CVE-2012-5586 for this issue.

> SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access
> bypass http://drupal.org/node/1853214

Please use CVE-2012-5587 for this issue XSS
Please use CVE-2012-5588 for this issue Access bypass

> SA-CONTRIB-2012-170 - MultiLink - Access Bypass 
> http://drupal.org/node/1853244

Please use CVE-2012-5589 for this issue.

> SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported) 
> http://drupal.org/node/1853268

Please use CVE-2012-5590 for this issue.

> SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS) 
> http://drupal.org/node/1853376

Please use CVE-2012-5591 for this issue.

> ###
> 
> Thanks!
> 
> Forest

Summary:

CVE-2012-5584 Drupal SA-CONTRIB-2012-166
CVE-2012-5585 Drupal SA-CONTRIB-2012-167
CVE-2012-5586 Drupal SA-CONTRIB-2012-168
CVE-2012-5587 Drupal SA-CONTRIB-2012-169 XSS
CVE-2012-5588 Drupal SA-CONTRIB-2012-169 Access Bypass
CVE-2012-5589 Drupal SA-CONTRIB-2012-170
CVE-2012-5590 Drupal SA-CONTRIB-2012-171
CVE-2012-5591 Drupal SA-CONTRIB-2012-172

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQttR7AAoJEBYNRVNeJnmThV0QAKi2PwpbBHGVb4TMhdACMb2E
fHYS3ZYn8FyyQ0zkFq03I3e4aEqugT0PPSlvtfJ3czR4YrJtwS8oc0rR8AZ6qWh5
+o/ZLZQeYy0uVFCJY8IAg22chIv1gaR97cBrfOvU0nJdUKxdLDE/K3nZ4BqBNHzT
/XyZcbyaMbE9dpOGY8UTlnIbZjcUcqfTvdOCZpI557+GQDyvx3bfgKAramfpTHUS
U1sNUoRyJ+kTaEI4Auj+8mqvURenE6k/Yv9XLPzQ3Jqo7kdaHc5fkoU8nX+SRTmR
3UnN4cTt8dQ5NxSu5E1ele+oLhTWxgl+WMdyzlTqB6KzgK9MRpPeeK8JRZU7oVYT
ssChzFYSpLM+Sn2v8D1A+R8fkVqkN9qlkM/Tvz23tSHLcPgXfazjhiJsY0xzRbEG
Z/yR8Ra9lzV1vuQLGfp3xqV4qVT1CUNOJJUdLvRe8DFcG7dM71AqLu9k0Xkv2ZVm
cEwJFSJHeu9jtISXZDvyG4zvZ7hY2VI+Irr4v17mUZMxy9qr2rWhRCduXd2Gp5IG
+EfY7mwiKmOfMhK6lWp1pDbDAXl34fIsz6n0Rb+TfQ2+HaleStg1Qa/9zWrk4Qce
FLte/nAOTVa5b/FnuWhsbyCCgv6wMAmuJLiey5x7MqX0w3Kd8vrUTk2y4cnrXZG/
gummamOH+PE8boxI2GTd
=C7C1
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic