oss-sec mailing list archives
Re: [security] [oss-security] CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054
From: Derek Wright <drupal () dwwright net>
Date: Tue, 4 Jun 2013 15:51:23 -0400
I updated https://drupal.org/node/1337006 accordingly. Thanks, -Derek Wright (dww) of the Drupal Security Team On Jun 4, 2013, at 2:42 PM, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/04/2013 10:07 AM, Henri Salo wrote:This does not seem to have CVE yet. Please assign. Drupal guys could you confirm, thanks. Advisory ID: DRUPAL-SA-CONTRIB-2011-054 Project: CKEditor - WYSIWYG HTML editor (third-party module) Version: 7.x Date: 2011-November-09 Security risk: Critical Exploitable from: Remote Vulnerability: Access bypass Versions affected: CKEditor 7.x-1.4 version only Solution: Upgrade to CKEditor 7.x-1.5 https://drupal.org/node/1337006 http://osvdb.org/77005 http://secunia.com/advisories/46772/ --- Henri SaloPlease use CVE-2011-4972 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRrjULAAoJEBYNRVNeJnmTZuMQAIa2xfRWpbwfe9LCKbsC7xal XnAJZE8xSty/8ixGajcZjOZ8RlcZ37eLGxcfNNE4/7QsxZGZ6eH/y98DndkL9ncX eRkukrlLDwgH0WnoXK84RT5PQuUmECmHC6JE1HkPW58IHQlHC/90j2ZGYX8xecqO nXpL4JKqoFPU5vFTp4A1H31X4QvZkKEqdw+FFh9P7vM27gOyZuu7cvSeAWABygbr QzKQ/BYk6Ivc1kUnhX0N6lFOxCzliGY2c2tGHDU+yEvnHQmCKk1NOUgfEU0lWZTd hTC6Bbh3FWdISl28qPjE1K/Ay55xXNZJaG+dhbPdRiZ0ONvphJbj8EB4W7P4NfHo aKItCZuyn9vN72x8ScDulwkCU4smI0lAOw2hB+02mYJPZh2OXpbsbqTj/6n++/U7 hzA/nGs7gl4OXtYz4DCM9Hk5Un783TYt6eOguaJULHeraxrITf+u6ghPNWHufbG7 bUoTnRBc3ody4lGpEFK1mMTBmMJ6XIK87I4+CYMmKpNICjVcorglRyidKvhjAOyZ 7Vvg7IQfu6iJBHl+kWrTfMgc1IVsuRcaAeciZNPVFezxCAhulJpesbz/isftHn2r 6Ivwj+m4feivCGLlZ6/ey3dfU83D2PP9ulJeiYJvTLyXaOdfXeNXtL41uKefeih9 S5MKxDC9JnSgu1o5DLED =v3qw -----END PGP SIGNATURE----- -- [ Security | http://lists.drupal.org/mailman/listinfo/security ] [Security team mailing list management and scheduling is documented here | https://security.drupal.org/handling-list-emails]
Current thread:
- CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Henri Salo (Jun 04)
- Re: CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Kurt Seifried (Jun 04)
- Re: [security] [oss-security] CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Derek Wright (Jun 04)
- Re: CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Kurt Seifried (Jun 04)