oss-sec mailing list archives

Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001

From: Henri Salo <henri () nerv fi>
Date: Mon, 28 Jun 2010 20:19:40 +0300

On Mon, 08 Mar 2010 20:36:55 +0100
Jan Lieskovsky <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   multiple security issues have been addressed within
SA-CORE-2010-001:

* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration

References:
   [1] http://drupal.org/node/731710
   [2]
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036472.html
[3]
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036619.html
[4]
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036583.html

Could you allocate CVE ids for these?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


Did this get CVE-identifiers?

---
Henri Salo

Current thread:

Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001 Henri Salo (Jun 28)
- Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001 Josh Bressers (Jun 28)