oss-sec mailing list archives
CVE Request for Drupal contributed modules
From: Greg Knaddison <greg.knaddison () acquia com>
Date: Wed, 2 May 2012 18:53:05 -0600
Hello, First, thanks to Kurt for getting us CVEs in advance on Drupal core's latest release at http://drupal.org/node/1557938 with CVEs on each issue. This is a CVE request for the following contributed module issues: http://drupal.org/node/1558248 SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS) http://drupal.org/node/1557874 SA-CONTRIB-2012-071 - Glossify - Cross Site Scripting (XSS) - Unsupported http://drupal.org/node/1557872 SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - Cross Site Scripting (XSS) - Unsupported http://drupal.org/node/1557868 SA-CONTRIB-2012-069 - Addressbook - Multiple vulnerabilities - Unsupported http://drupal.org/node/1557852 SA-CONTRIB-2012-068 - Node Gallery - Cross Site Request Forgery (CSRF) - Unsupported http://drupal.org/node/1547738 SA-CONTRIB-2012-067 - Linkit - Access bypass http://drupal.org/node/1547736 SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access Bypass http://drupal.org/node/1547686 SA-CONTRIB-2012-065 - Sitedoc - Information disclosure http://drupal.org/node/1547674 SA-CONTRIB-2012-064 - Ubercart - Multiple vulnerabilities http://drupal.org/node/1547660 SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS) http://drupal.org/node/1547520 SA-CONTRIB-2012-062 - Creative Commons - Cross Site Scripting (XSS) Other issues from 2012 that don't have a CVE per your policies: http://drupal.org/node/1515282 SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability http://drupal.org/node/1506542 SA-CONTRIB-2012-050 - CDN2 Video - Unsupported Thanks, Greg -- Director Security Services | +1-720-310-5623 Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com
Current thread:
- CVE Request for Drupal contributed modules Greg Knaddison (May 02)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (May 02)
- <Possible follow-ups>
- CVE Request for Drupal contributed modules Greg Knaddison (May 30)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- Re: CVE Request for Drupal contributed modules Solar Designer (Jun 04)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 13)
- Re: CVE Request for Drupal contributed modules Henri Salo (Jun 14)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 15)
- Re: CVE Request for Drupal contributed modules Steven M. Christey (Jun 27)