oss-sec mailing list archives
Re: CVE request: Drupal Data-module multiple vulnerabilities
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:32:26 -0400 (EDT)
----- Original Message -----
These issues does not have CVE-identifiers. Could we get one? http://seclists.org/fulldisclosure/2011/Feb/219 I asked from Justin Klein Keane and he wasn't aware of CVE-identifier. I think this needs identifier even this is an alpha release as this module is used by some production instances. If I am correct two identifiers should be enough. One for XSS and another for SQL injections. Discussion about the issue: http://drupal.org/node/1056470
Please use CVE-2011-2714 for the XSS. CVE-2011-2715 is for the SQL injection. Thanks. -- JB
Current thread:
- CVE request: Drupal Data-module multiple vulnerabilities Henri Salo (Jul 24)
- Re: CVE request: Drupal Data-module multiple vulnerabilities Josh Bressers (Jul 26)