oss-sec mailing list archives
Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)
From: Pere Orga <pere () orga cat>
Date: Sat, 24 Oct 2015 18:45:21 +0200
On Wed, Oct 21, 2015 at 1:50 PM, Evans, Jonathan L. <jevans () mitre org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE IDs were assigned by MITRE to most of the vulnerabilities in SA-CONTRIB-2015-132 through SA-CONTRIB-2015-151 before this request was made. To help avoid duplicates, we request that you check the existing IDs before asking for a new one.
Ok, sorry for that. [..]
SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS) https://www.drupal.org/node/2546174The advisory is not clear whether the vulnerability is in the unnamed Javascript library or the Compass Rose module. If the former, we need to know the name of the library to ensure we do not issue a duplicate ID.
The vulnerability is in the Compass Rose module, not in the jQueryRotate library. Thanks Regards Pere
Current thread:
- CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga (Oct 14)
- <Possible follow-ups>
- Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L. (Oct 21)
- Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga (Oct 24)
- CVE Requests for read out of bound in libpng xiaoqixue_1 (Oct 25)
- Re: CVE Requests for read out of bound in libpng cve-assign (Oct 26)
- RE: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L. (Oct 26)
- Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga (Oct 24)