oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 28 Nov 2012 20:20:27 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/28/2012 05:07 PM, Forest Monsen wrote:
Here's a batch CVE request for several previously published and resolved issues (except for SA-CONTRIB-2012-171, which was never resolved) in contributed modules for the Drupal project: ### SA-CONTRIB-2012-166 - Table of Contents - Access Bypass http://drupal.org/node/1841046
Please use CVE-2012-5584 for this issue.
SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS) http://drupal.org/node/1853198
Please use CVE-2012-5585 for this issue.
SA-CONTRIB-2012-168 - Services - Information Disclosure http://drupal.org/node/1853200
Please use CVE-2012-5586 for this issue.
SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass http://drupal.org/node/1853214
Please use CVE-2012-5587 for this issue XSS Please use CVE-2012-5588 for this issue Access bypass
SA-CONTRIB-2012-170 - MultiLink - Access Bypass http://drupal.org/node/1853244
Please use CVE-2012-5589 for this issue.
SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported) http://drupal.org/node/1853268
Please use CVE-2012-5590 for this issue.
SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS) http://drupal.org/node/1853376
Please use CVE-2012-5591 for this issue.
### Thanks! Forest
Summary: CVE-2012-5584 Drupal SA-CONTRIB-2012-166 CVE-2012-5585 Drupal SA-CONTRIB-2012-167 CVE-2012-5586 Drupal SA-CONTRIB-2012-168 CVE-2012-5587 Drupal SA-CONTRIB-2012-169 XSS CVE-2012-5588 Drupal SA-CONTRIB-2012-169 Access Bypass CVE-2012-5589 Drupal SA-CONTRIB-2012-170 CVE-2012-5590 Drupal SA-CONTRIB-2012-171 CVE-2012-5591 Drupal SA-CONTRIB-2012-172 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQttR7AAoJEBYNRVNeJnmThV0QAKi2PwpbBHGVb4TMhdACMb2E fHYS3ZYn8FyyQ0zkFq03I3e4aEqugT0PPSlvtfJ3czR4YrJtwS8oc0rR8AZ6qWh5 +o/ZLZQeYy0uVFCJY8IAg22chIv1gaR97cBrfOvU0nJdUKxdLDE/K3nZ4BqBNHzT /XyZcbyaMbE9dpOGY8UTlnIbZjcUcqfTvdOCZpI557+GQDyvx3bfgKAramfpTHUS U1sNUoRyJ+kTaEI4Auj+8mqvURenE6k/Yv9XLPzQ3Jqo7kdaHc5fkoU8nX+SRTmR 3UnN4cTt8dQ5NxSu5E1ele+oLhTWxgl+WMdyzlTqB6KzgK9MRpPeeK8JRZU7oVYT ssChzFYSpLM+Sn2v8D1A+R8fkVqkN9qlkM/Tvz23tSHLcPgXfazjhiJsY0xzRbEG Z/yR8Ra9lzV1vuQLGfp3xqV4qVT1CUNOJJUdLvRe8DFcG7dM71AqLu9k0Xkv2ZVm cEwJFSJHeu9jtISXZDvyG4zvZ7hY2VI+Irr4v17mUZMxy9qr2rWhRCduXd2Gp5IG +EfY7mwiKmOfMhK6lWp1pDbDAXl34fIsz6n0Rb+TfQ2+HaleStg1Qa/9zWrk4Qce FLte/nAOTVa5b/FnuWhsbyCCgv6wMAmuJLiey5x7MqX0w3Kd8vrUTk2y4cnrXZG/ gummamOH+PE8boxI2GTd =C7C1 -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request for Drupal Contributed Modules, (continued)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 28)