oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: Drupal Data-module multiple vulnerabilities

From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:32:26 -0400 (EDT)


----- Original Message -----

These issues does not have CVE-identifiers. Could we get one?

http://seclists.org/fulldisclosure/2011/Feb/219

I asked from Justin Klein Keane and he wasn't aware of CVE-identifier.
I think this needs identifier even this is an alpha release as this
module is used by some production instances. If I am correct two
identifiers should be enough. One for XSS and another for SQL
injections.

Discussion about the issue: http://drupal.org/node/1056470



Please use CVE-2011-2714 for the XSS.

CVE-2011-2715 is for the SQL injection.

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: