oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Aug 2013 22:02:59 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/09/2013 05:29 PM, Forest Monsen wrote:
Hi there, I'd like to request CVE identifiers for... SA-CONTRIB-2013-061 - Flippy - Access Bypass https://drupal.org/node/2054701 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass https://drupal.org/node/2059603 SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) - Information Disclosure https://drupal.org/node/2059589 SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) https://drupal.org/node/2059599 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass https://drupal.org/node/2059765 SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities (Looks like two here: XSS, and an Access Bypass vuln) https://drupal.org/node/2059823 Thanks! Best, Forest
Yup CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) -Information Disclosure CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access Bypass - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSBbtzAAoJEBYNRVNeJnmTEvwQAM2rw6CmcsPea8E6KXbgxKgZ ahuaP4zCV/Nc966X8otYKyQrS6kFtJE4LtqmX7fksaZXg5t7yonRMOrUQr5hF0G9 asw9gsjpOpZHOsW+PNw4JboIb61I52jX9kJw065HLMDr8oaKMVwXd2LOQcIG75Sf 1ZKK/Z1UEdHvc2xX0mL5tzy/lbcVNyu0tCTPDQIcVqUGu45E+qeFOi+ecsxiL6ke GmgGJt2WQJlOgmbhtUM47H4jfAQBa2AZ7KK+3TY5vvz5/1TOGvYL/N6jsoF4EydZ 3uawKi3M1+rX8DzCJyn4t9wyUD20C7tb79ZFl63tGsyJOC6LoDWWFkyNAjF61uSu XsTtEBr4xNIjXM78ZU12EC4KXFfkQznAtm6NtZwojopP+gJ6BFqAc/qmQgxmJiQB J+j8F11YcojhgipH8Zy+Jp1J1dvXpDKPfWnGI8MD+0zCGxBqbUxgcGz9gcRyEJgE Gob2XHf0LrXC30bbyOIWMEbni9o9QKZvekyI6gHYo0wBXBcutcD2Av24f9WR0Xpk RAudEd21ySi9PrSW49G5vzTjALg0CPYOxEWPkBMkduyN7xFzyEYuNxiPl0M1XLNX xS93+odiaaNMecIXvGH+mnh8j7VJiNpCwycYDfT5NpvIFYMFBHoVUO/k7rrloNnw 0Y8SAoNaA4NFBvdDOEjv =hVqb -----END PGP SIGNATURE-----
Current thread:
- CVE request for Drupal contributed modules Forest Monsen (Jul 22)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Jul 25)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Jul 27)
- CVE request for Drupal contributed modules Forest Monsen (Aug 09)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- Re: CVE request for Drupal contributed modules Henri Salo (Aug 10)
- Re: CVE request for Drupal contributed modules Forest Monsen (Aug 11)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 12)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 21)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Sep 26)