Re: CVE request for Drupal core, and contributed modules

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/19/2012 02:28 PM, Forest Monsen wrote:
> Hello! I'd like to request CVE identifiers for several issues with 
> core and contributed modules:
>
> SA-CORE-2012-166: Multiple vulnerabilities 
> http://drupal.org/SA-CORE-2012-004 (Looks like three identifiers
> necessary here?)

Access bypass (User module search - Drupal 6 and 7)
Please use CVE-2012-5651 for this issue.

Access bypass (Upload module - Drupal 6)
Please use CVE-2012-5652 for this issue.

Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)
Please use CVE-2012-5653 for this issue.

> SA-CONTRIB-2012-173 - Nodewords: Information disclosure 
> http://drupal.org/node/1859282

Please use CVE-2012-5654 for this issue.

> SA-CONTRIB-2012-174 - Context - Information Disclosure 
> http://drupal.org/node/1870550

Please use CVE-2012-5655 for this issue.

> Thanks, Forest

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ0pEKAAoJEBYNRVNeJnmT3m8P/AtLcWrUckVnBEoARQfphuqE
dV5FlHBOyX+vrmapMl/4LgqSnSdjG4LCiCwyJ/meZlGF1dkuSutRAZq/gVp6lEY9
y6upxe/UnMZjroTeS9bUE/SqIM0IG/gqisW59BrHOgaIsERMowoDhLVp0mAcML5R
IxrPQWLACceoEtVbEcKndh5slp8uOnyYOv1MTRuST66OB0rln+RlHwb77guR30Fu
lkk98to73WLs8tSGrKXUaBt9XlpXgPgvHsFRs5TCkftBmoc8QMeZPWYEZz2RSnar
98zPexrZ4ijdA9raBnanBEbQsdmITV/uOc1+P6f0wfZ1VtuICktolBytJiOY+Lxx
zSq+EJkr/lqF/BEhGjrBvYH9gDGy1BeBgBiVWMIUfdH2q6jUQUbnqfWW+wR9csG3
6LM1exHklb0/ahIBTqmIOrNpLbkGqPO21daDinehEg/45b0BANbNSP7nwxZZpHfT
1VajmwDAcApdO/VRD2AKReylNhungmG1Fc7lakJPH9b3/P8ZVF5K1pdhmjzOJNwg
nKTZI7GRlKckqETd8Iy/5t+raKPQTvGu+kJwAouObHx1Mkn6b7bpVqWgVlu8R08j
rGAkmmvBrY78k7szzpOiJ7OoGmB5wb44X122yLUSX2UP7j6dZZVeiCVBhz5odWZI
zKZpPsD6mdLYojwkUeMj
=hfqG
-----END PGP SIGNATURE-----