Re: Re: [security] Drupal CORE and Drupal Contrib

[Greg Knaddison <greg.knaddison () acquia com>]

Thanks, Kurt. These are all updated now.

We have a new Drupal 7 core release planned for March 28th that will
likely include some issues. I will mail you March 26th with
descriptions of any issues that we plan to release on the 28th. This
fact is public in our community but I don't expect you to have seen
the news.

Regards,
Greg

On Mon, Mar 19, 2012 at 12:33 PM, Kurt Seifried <kseifried () redhat com> wrote:
> On 03/16/2012 04:40 PM, Greg Knaddison wrote:
> > Hi Kurt,
> >
> > We started considering associating CVEs with our Security Advisories
> > (SAs) in September of 2011. At the time we discussed it with Josh
> > Bressers, Jan Lieskovsky, Steven M. Christey and decided that it would
> > only be practical to do it for Drupal core for now and we could
> > considering doing it for contrib in the future. Since that discussion
> > there has only been one SA for Drupal core which I think has the CVEs
> > on it: SA-CORE-2012-001 - Drupal core multiple vulnerabilities -
> > http://drupal.org/node/1425084
> >
> > Is there another SA for core that I'm not considering? Is there a
> > better way to list the CVE numbers?
> >
> > There have been several SAs for contributed modules and we would
> > gladly update them with CVEs. If you can send an email with a link to
> > the SA and the CVE-id to use that would be great.
>
> Ok starting with core:
>
> http://drupal.org/node/1231510
> SA-CORE-2011-003 - Drupal core - Access bypass
> This was already assigned CVE-2011-2726
>
> http://drupal.org/node/1204582
> SA-CORE-2011-002 - Drupal core - Access bypass
> This was already assigned CVE-2011-2687
>
> http://drupal.org/node/1168756
> SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
> Can't find any CVE's, do they need to be assigned?
>
>
>
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)



-- 
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com