oss-sec mailing list archives
Re: CVE request for Drupal core, and contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 19 Dec 2012 21:16:11 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/19/2012 02:28 PM, Forest Monsen wrote:
Hello! I'd like to request CVE identifiers for several issues with core and contributed modules: SA-CORE-2012-166: Multiple vulnerabilities http://drupal.org/SA-CORE-2012-004 (Looks like three identifiers necessary here?)
Access bypass (User module search - Drupal 6 and 7) Please use CVE-2012-5651 for this issue. Access bypass (Upload module - Drupal 6) Please use CVE-2012-5652 for this issue. Arbitrary PHP code execution (File upload modules - Drupal 6 and 7) Please use CVE-2012-5653 for this issue.
SA-CONTRIB-2012-173 - Nodewords: Information disclosure http://drupal.org/node/1859282
Please use CVE-2012-5654 for this issue.
SA-CONTRIB-2012-174 - Context - Information Disclosure http://drupal.org/node/1870550
Please use CVE-2012-5655 for this issue.
Thanks, Forest
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ0pEKAAoJEBYNRVNeJnmT3m8P/AtLcWrUckVnBEoARQfphuqE dV5FlHBOyX+vrmapMl/4LgqSnSdjG4LCiCwyJ/meZlGF1dkuSutRAZq/gVp6lEY9 y6upxe/UnMZjroTeS9bUE/SqIM0IG/gqisW59BrHOgaIsERMowoDhLVp0mAcML5R IxrPQWLACceoEtVbEcKndh5slp8uOnyYOv1MTRuST66OB0rln+RlHwb77guR30Fu lkk98to73WLs8tSGrKXUaBt9XlpXgPgvHsFRs5TCkftBmoc8QMeZPWYEZz2RSnar 98zPexrZ4ijdA9raBnanBEbQsdmITV/uOc1+P6f0wfZ1VtuICktolBytJiOY+Lxx zSq+EJkr/lqF/BEhGjrBvYH9gDGy1BeBgBiVWMIUfdH2q6jUQUbnqfWW+wR9csG3 6LM1exHklb0/ahIBTqmIOrNpLbkGqPO21daDinehEg/45b0BANbNSP7nwxZZpHfT 1VajmwDAcApdO/VRD2AKReylNhungmG1Fc7lakJPH9b3/P8ZVF5K1pdhmjzOJNwg nKTZI7GRlKckqETd8Iy/5t+raKPQTvGu+kJwAouObHx1Mkn6b7bpVqWgVlu8R08j rGAkmmvBrY78k7szzpOiJ7OoGmB5wb44X122yLUSX2UP7j6dZZVeiCVBhz5odWZI zKZpPsD6mdLYojwkUeMj =hfqG -----END PGP SIGNATURE-----
Current thread:
- CVE request for Drupal core, and contributed modules Forest Monsen (Dec 19)
- Re: CVE request for Drupal core, and contributed modules Kurt Seifried (Dec 19)