oss-sec mailing list archives

Re: [security] [oss-security] CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054


From: Derek Wright <drupal () dwwright net>
Date: Tue, 4 Jun 2013 15:51:23 -0400

I updated https://drupal.org/node/1337006 accordingly.

Thanks,
-Derek Wright (dww) of the Drupal Security Team


On Jun 4, 2013, at 2:42 PM, Kurt Seifried wrote:


On 06/04/2013 10:07 AM, Henri Salo wrote:
This does not seem to have CVE yet. Please assign. Drupal guys
could you confirm, thanks.

Advisory ID: DRUPAL-SA-CONTRIB-2011-054
Project: CKEditor - WYSIWYG HTML editor (third-party module)
Version: 7.x
Date: 2011-November-09
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass
Versions affected: CKEditor 7.x-1.4 version only
Solution: Upgrade to CKEditor 7.x-1.5

https://drupal.org/node/1337006
http://osvdb.org/77005
http://secunia.com/advisories/46772/

--- Henri Salo

Please use CVE-2011-4972 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

