oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 18 Nov 2013 13:45:36 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Top posting because lazy: CVE-2013-4594 SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass CVE-2013-4595 SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data CVE-2013-4596 SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass CVE-2013-4597 SA-CONTRIB-2013-090 - Revisioning - Access Bypass CVE-2013-4598 SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass CVE-2013-4599 SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability On 11/17/2013 10:34 PM, Forest Monsen wrote:
Hi there, I'd like to request CVEs for: SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass https://drupal.org/node/2129373 SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data https://drupal.org/node/2129381 SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass https://drupal.org/node/2129379 SA-CONTRIB-2013-090 - Revisioning - Access Bypass https://drupal.org/node/2135257 SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass https://drupal.org/node/2135267 SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability https://drupal.org/node/2135273 (Says multiple, but it seems to me this is really just a single DoS vuln.)
Agreed.
Thanks Kurt. Best, Forest
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSinxwAAoJEBYNRVNeJnmTfsYQAKDd6OXXbuBLaimNkuLSc0Np xnfjCJJy991BduMAzzya2hbW5GSP4pwW+yPInf5HeDZTbGfmncoss4HE3EUHbOrI 8DXhRtLHbUOHii0jONB6ESxMGT5F45oQQO5R4LmIzVsJ1ImPa3kcUUCE8/okibx5 LlozL5GDTo4YMGD0VrlUkEi7j3Ec1Eel/DMPytmI5dUJE+OFIw7Hm2TsvwrKp55y 422pwFI/sBQHwcZRKNlteQ8W3nK+nMd7ll88o5ewf3fynkoj5GILGnaV4wSKVbQm iPXj/Wa/dUsGOR4VUZpMdD6fmKvTjLtLPrTSm/qARbqS4qAiuv9V9e3ZqUskD8Xy RL/iglLv27wnOl3oj0PKHlJJNjmXnL5s/BW5ctJauiwSjKD0diA4qBjCyxwaNxIq 1f2LWcUq0pX1199tachsp7BKB7GoZDaSaV5PA+MXd4uPYpTswvNIiRgtf8KX6kq6 rFstkjpDM7W/f2YLsKgtGw9OrLmBNSUJBCWFpEk35FrEO/8tla/jJAMaSkHAjc3I N1tLDpN+0O0h1CSDkyN5oB9UcC32uF9FIMdqdPNz+1Fy6ypusgjGS4OgamOf1NcB PQ7Tv1bBWbZkkKsFkUdrHvamgXxBihubFL2mjpzaDEql0YC1DK73tiakix3CWU6m sZ3Ka4UuFzwMuqYJI2Z9 =6vwF -----END PGP SIGNATURE-----
Current thread:
- CVE request for Drupal contributed modules Forest Monsen (Oct 18)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Oct 18)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Nov 02)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
- Re: CVE request for Drupal contributed modules Forest Monsen (Nov 06)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
- CVE request for Drupal contributed modules Forest Monsen (Nov 17)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 18)