oss-sec mailing list archives
Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)
From: Josh Bressers <bressers () redhat com>
Date: Tue, 12 Jul 2011 16:07:09 -0400 (EDT)
Please use CVE-2011-2687. Thanks. -- JB ----- Original Message -----
Hello Josh, Steve, vendors, this: [1] http://drupal.org/node/1204582 From [1]: Access bypass in node listings: ========================================= Listings showing nodes but not JOINing the node table show all nodes regardless of restrictions imposed by the node_access system. In core, this affects the taxonomy and the forum subsystem. ... Versions affected: ================== Drupal 7.0, 7.1 and 7.2. References: ------------ [2] https://bugzilla.redhat.com/show_bug.cgi?id=717874 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385 doesn't seem to have a CVE identifier allocated yet. Could you allocate one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky (Jul 11)
- Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers (Jul 12)