[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request for Drupal contributed modules
From:       cve-assign () mitre ! org
Date:       2014-07-31 6:35:39
Message-ID: 20140731063539.BCF301F02E4 () smtpksrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> We'd like to request CVE identifiers for:

> SA-CONTRIB-2014-073- Date - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2312609

Use CVE-2014-5169.


> SA-CONTRIB-2014-074 - Storage API - Code execution
> https://www.drupal.org/node/2312769

Use CVE-2014-5170. This can be characterized as an implementation
error in setting up a defense in depth mechanism. In other words, the
module maintainer was supposed to obtain .htaccess file content from
one resource, but instead obtained .htaccess file content from a wrong
or obsolete resource.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT2eMhAAoJEKllVAevmvmsCK8H/A3eA35sDLP0kSzujR9ioSgP
WphxIIvZ4JEp0pnqFO1wlUvAISON4jtSEAyo4t+ts8EIPB4Xhc1AMi/wc1VArOTD
18DUYBIso1RbcSL+pRs8/1fx68ylc27Pj5mW+LM2QxK32Vjqc2r1grlKWA/6omX+
VBFEzh7BxvGvO+l5CR64ZrQiQrEMPi9cgp2fIMnkdSxDxbsokUWuiMjmwRuF6zLO
o2nlVk3EnGTHDPzlcj+uBEReADSkFnKYjslZj/vf/M/MBWJ0HcNyspUK67aqQje1
sPECKPf5w3uToR0vJSbx83aiMCtWvxybGxD0+Wkg8r+k4B3WCqH+yX6F4SQIwzQ=
=hNAC
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]