
List:       oss-security
Subject:    Re: [oss-security] Re: CVEs for Drupal contributed modules - January 2015
From:       Vasyl Kaigorodov <vkaigoro () redhat ! com>
Date:       2015-01-29 11:58:09
Message-ID: 20150129115809.GD12470 () mail ! corp ! redhat ! com


Hello Pere,

> > SA-CONTRIB-2014-004 - Context - Open Redirect
> > https://www.drupal.org/node/2403351

I think this one was assigned CVE-2015-1051 already:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1051

Thanks.
-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

On Thu, 29 Jan 2015, Pere Orga wrote:

> Hi again,
> 
> In my previous email a CVE request was wrong. "SA-CONTRIB-2015-031 -
> GD Infinite Scroll - Open Redirect" should be discarded in favour of:
> 
> SA-CONTRIB-2015-032 - Node Invite - Open Redirect
> https://www.drupal.org/node/2415899
> 
> Sorry for the confusion.
> 
> Many thanks
> Pere Orga on behalf of the Drupal Security Team
> 
> On Thu, Jan 29, 2015 at 12:12 AM, Pere Orga <pere@orga.cat> wrote:
> > Hi
> >
> > I would like to ask CVEs for the following advisories of Drupal
> > contributed modules:
> >
> > SA-CONTRIB-2015-001 - OPAC - Cross-Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403313
> >
> > SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2403333
> >
> > SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection
> > https://www.drupal.org/node/2403343
> >
> > SA-CONTRIB-2015-004 - Context - Open Redirect
> > https://www.drupal.org/node/2403351
> >
> > SA-CONTRIB-2015-005 - WikiWiki - SQL injection
> > https://www.drupal.org/node/2403375
> >
> > SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - XSS
> > SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - CSRF
> > https://www.drupal.org/node/2403447
> >
> > SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403445
> >
> > SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403451
> >
> > SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2403459
> >
> > SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403463
> >
> > SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403465
> >
> > SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2403487
> >
> > SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2403489
> >
> > SA-CONTRIB-2015-014 - Wishlist - XSS
> > SA-CONTRIB-2015-014 - Wishlist - CSRF
> > https://www.drupal.org/node/2407313
> >
> > SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2407315
> >
> > SA-CONTRIB-2015-016 - Tadaa! - CSRF
> > SA-CONTRIB-2015-016 - Tadaa! - Open Redirect
> > https://www.drupal.org/node/2407321
> >
> > SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2407329
> >
> > SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2407341
> >
> > SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect
> > https://www.drupal.org/node/2407347
> >
> > SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2407357
> >
> > SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2407395
> >
> > SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2407401
> >
> > SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2411527
> >
> > SA-CONTRIB-2015-024 - Alfresco - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2411523
> >
> > SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2411539
> >
> > SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2411573
> >
> > SA-CONTRIB-2015-027 - Quizzler - Cross Site Scripting (XSS)
> > https://www.drupal.org/node/2411579
> >
> > SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request
> > Forgery (CSRF)
> > https://www.drupal.org/node/2411737
> >
> > SA-CONTRIB-2015-029 - Corner - Cross Site Request Forgery (CSRF)
> > https://www.drupal.org/node/2411741
> >
> > SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
> > https://www.drupal.org/node/2415873
> >
> > SA-CONTRIB-2015-031 - GD Infinite Scroll - XSS
> > SA-CONTRIB-2015-031 - GD Infinite Scroll - CSRF
> > SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect
> > https://www.drupal.org/node/2415885
> >
> > SA-CONTRIB-2015-032 - Node Invite - XSS
> > SA-CONTRIB-2015-032 - Node Invite - CSRF
> > https://www.drupal.org/node/2415899
> >
> > SA-CONTRIB-2015-033 - Certify - Access bypass
> > SA-CONTRIB-2015-033 - Certify - Information disclosure
> > https://www.drupal.org/node/2415947
> >
> >
> > Many thanks
> > Pere Orga on behalf of the Drupal Security Team
