oss-sec mailing list archives
CVE Request for Drupal Contributed Modules
From: Forest Monsen <forest.monsen () gmail com>
Date: Sat, 17 Nov 2012 21:29:33 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! Here's a batch CVE request for a number of previously published and resolved issues with contributed modules for the Drupal project. As noted in http://www.openwall.com/lists/oss-security/2012/11/05/4, I have volunteered to coordinate our CVE requests. Forest Monsen, on behalf of the Drupal Security Team - - SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution http://drupal.org/node/1789284 - - SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS) http://drupal.org/node/1789306 - - SA-CONTRIB-2012-148 - Organic Groups - Access Bypass http://drupal.org/node/1796036 - - SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS) http://drupal.org/node/1802218 - - SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS) http://drupal.org/node/1802230 - - SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request Forgery http://drupal.org/node/1802258 - - SA-CONTRIB-2012-152 - Feeds - Access bypass http://drupal.org/node/1808832 - - SA-CONTRIB-2012-153 - Mandrill - Information Disclosure http://drupal.org/node/1808846 - - SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting http://drupal.org/node/1808852 - - SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure http://drupal.org/node/1808852 - - SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS) http://drupal.org/node/1808856 - - SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF) http://drupal.org/node/1815770 - - SA-CONTRIB-2012-157 - Time Spent - Cross Site Scripting (XSS) http://drupal.org/node/1822066 - - SA-CONTRIB-2012-157 - Time Spent - Cross Site Request Forgery (CSRF) http://drupal.org/node/1822066 - - SA-CONTRIB-2012-157 - Time Spent - SQL Injection http://drupal.org/node/1822066 - - SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS) http://drupal.org/node/1822166 - - SA-CONTRIB-2012-159 - Password policy - Information disclosure http://drupal.org/node/1828340 - - SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS) http://drupal.org/node/1834866 - - SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass http://drupal.org/node/1834868 - - SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF) http://drupal.org/node/1840740 - - SA-CONTRIB-2012-163 - User Read-Only - Permission escalation http://drupal.org/node/1840886 - - SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS) http://drupal.org/node/1840892 - - SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS) http://drupal.org/node/1840992 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCocjEACgkQ/ILCL9e1Br73XACeIA+9vN5kq9QZ99cbEHtVemyV SxsAn1EN77He3g3ssthVQ/pgBfVPgrR9 =15AA -----END PGP SIGNATURE-----
Current thread:
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- <Possible follow-ups>
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 28)