[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE request for Drupal contributed modules
From: cve-assign () mitre ! org
Date: 2014-07-31 6:35:39
Message-ID: 20140731063539.BCF301F02E4 () smtpksrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> We'd like to request CVE identifiers for:
> SA-CONTRIB-2014-073- Date - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2312609
Use CVE-2014-5169.
> SA-CONTRIB-2014-074 - Storage API - Code execution
> https://www.drupal.org/node/2312769
Use CVE-2014-5170. This can be characterized as an implementation
error in setting up a defense in depth mechanism. In other words, the
module maintainer was supposed to obtain .htaccess file content from
one resource, but instead obtained .htaccess file content from a wrong
or obsolete resource.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJT2eMhAAoJEKllVAevmvmsCK8H/A3eA35sDLP0kSzujR9ioSgP
WphxIIvZ4JEp0pnqFO1wlUvAISON4jtSEAyo4t+ts8EIPB4Xhc1AMi/wc1VArOTD
18DUYBIso1RbcSL+pRs8/1fx68ylc27Pj5mW+LM2QxK32Vjqc2r1grlKWA/6omX+
VBFEzh7BxvGvO+l5CR64ZrQiQrEMPi9cgp2fIMnkdSxDxbsokUWuiMjmwRuF6zLO
o2nlVk3EnGTHDPzlcj+uBEReADSkFnKYjslZj/vf/M/MBWJ0HcNyspUK67aqQje1
sPECKPf5w3uToR0vJSbx83aiMCtWvxybGxD0+Wkg8r+k4B3WCqH+yX6F4SQIwzQ=
=hNAC
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic