[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-11-29 3:20:27
Message-ID: 50B6D47B.2090201 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/28/2012 05:07 PM, Forest Monsen wrote:
> Here's a batch CVE request for several previously published and
> resolved issues (except for SA-CONTRIB-2012-171, which was never
> resolved) in contributed modules for the Drupal project:
>
> ###
>
> SA-CONTRIB-2012-166 - Table of Contents - Access Bypass
> http://drupal.org/node/1841046
Please use CVE-2012-5584 for this issue.
> SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)
> http://drupal.org/node/1853198
Please use CVE-2012-5585 for this issue.
> SA-CONTRIB-2012-168 - Services - Information Disclosure
> http://drupal.org/node/1853200
Please use CVE-2012-5586 for this issue.
> SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access
> bypass http://drupal.org/node/1853214
Please use CVE-2012-5587 for this issue XSS
Please use CVE-2012-5588 for this issue Access bypass
> SA-CONTRIB-2012-170 - MultiLink - Access Bypass
> http://drupal.org/node/1853244
Please use CVE-2012-5589 for this issue.
> SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)
> http://drupal.org/node/1853268
Please use CVE-2012-5590 for this issue.
> SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS)
> http://drupal.org/node/1853376
Please use CVE-2012-5591 for this issue.
> ###
>
> Thanks!
>
> Forest
Summary:
CVE-2012-5584 Drupal SA-CONTRIB-2012-166
CVE-2012-5585 Drupal SA-CONTRIB-2012-167
CVE-2012-5586 Drupal SA-CONTRIB-2012-168
CVE-2012-5587 Drupal SA-CONTRIB-2012-169 XSS
CVE-2012-5588 Drupal SA-CONTRIB-2012-169 Access Bypass
CVE-2012-5589 Drupal SA-CONTRIB-2012-170
CVE-2012-5590 Drupal SA-CONTRIB-2012-171
CVE-2012-5591 Drupal SA-CONTRIB-2012-172
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQttR7AAoJEBYNRVNeJnmThV0QAKi2PwpbBHGVb4TMhdACMb2E
fHYS3ZYn8FyyQ0zkFq03I3e4aEqugT0PPSlvtfJ3czR4YrJtwS8oc0rR8AZ6qWh5
+o/ZLZQeYy0uVFCJY8IAg22chIv1gaR97cBrfOvU0nJdUKxdLDE/K3nZ4BqBNHzT
/XyZcbyaMbE9dpOGY8UTlnIbZjcUcqfTvdOCZpI557+GQDyvx3bfgKAramfpTHUS
U1sNUoRyJ+kTaEI4Auj+8mqvURenE6k/Yv9XLPzQ3Jqo7kdaHc5fkoU8nX+SRTmR
3UnN4cTt8dQ5NxSu5E1ele+oLhTWxgl+WMdyzlTqB6KzgK9MRpPeeK8JRZU7oVYT
ssChzFYSpLM+Sn2v8D1A+R8fkVqkN9qlkM/Tvz23tSHLcPgXfazjhiJsY0xzRbEG
Z/yR8Ra9lzV1vuQLGfp3xqV4qVT1CUNOJJUdLvRe8DFcG7dM71AqLu9k0Xkv2ZVm
cEwJFSJHeu9jtISXZDvyG4zvZ7hY2VI+Irr4v17mUZMxy9qr2rWhRCduXd2Gp5IG
+EfY7mwiKmOfMhK6lWp1pDbDAXl34fIsz6n0Rb+TfQ2+HaleStg1Qa/9zWrk4Qce
FLte/nAOTVa5b/FnuWhsbyCCgv6wMAmuJLiey5x7MqX0w3Kd8vrUTk2y4cnrXZG/
gummamOH+PE8boxI2GTd
=C7C1
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic