oss-sec mailing list archives
Re: Re: CVEs for Drupal contributed modules - January 2015
From: Vasyl Kaigorodov <vkaigoro () redhat com>
Date: Thu, 29 Jan 2015 12:58:09 +0100
Hello Pere,
SA-CONTRIB-2014-004 - Context - Open Redirect https://www.drupal.org/node/2403351
I think this one was assigned CVE-2015-1051 already: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1051 Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 On Thu, 29 Jan 2015, Pere Orga wrote:
Hi again, In my previous email a CVE request was wrong. "SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect" should be discarded in favour of: SA-CONTRIB-2015-032 - Node Invite - Open Redirect https://www.drupal.org/node/2415899 Sorry for the confusion. Many thanks Pere Orga on behalf of the Drupal Security Team On Thu, Jan 29, 2015 at 12:12 AM, Pere Orga <pere () orga cat> wrote:Hi I would like to ask CVEs for the following advisories of Drupal contributed modules: SA-CONTRIB-2015-001 - OPAC - Cross-Site Request Forgery (CSRF) https://www.drupal.org/node/2403313 SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS) https://www.drupal.org/node/2403333 SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection https://www.drupal.org/node/2403343 SA-CONTRIB-2015-004 - Context - Open Redirect https://www.drupal.org/node/2403351 SA-CONTRIB-2015-005 - WikiWiki - SQL injection https://www.drupal.org/node/2403375 SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - XSS SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - CSRF https://www.drupal.org/node/2403447 SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403445 SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403451 SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS) https://www.drupal.org/node/2403459 SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403463 SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403465 SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403487 SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS) https://www.drupal.org/node/2403489 SA-CONTRIB-2015-014 - Wishlist - XSS SA-CONTRIB-2015-014 - Wishlist - CSRF https://www.drupal.org/node/2407313 SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS) https://www.drupal.org/node/2407315 SA-CONTRIB-2015-016 - Tadaa! - CSRF SA-CONTRIB-2015-016 - Tadaa! - Open Redirect https://www.drupal.org/node/2407321 SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS) https://www.drupal.org/node/2407329 SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS) https://www.drupal.org/node/2407341 SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect https://www.drupal.org/node/2407347 SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2407357 SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS) https://www.drupal.org/node/2407395 SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) https://www.drupal.org/node/2407401 SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS) https://www.drupal.org/node/2411527 SA-CONTRIB-2015-024 - Alfresco - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411523 SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411539 SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS) https://www.drupal.org/node/2411573 SA-CONTRIB-2015-027 - Quizzler - Cross Site Scripting (XSS) https://www.drupal.org/node/2411579 SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411737 SA-CONTRIB-2015-029 - Corner - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411741 SA-CONTRIB-2015-030 - Amazon AWS - Access bypass https://www.drupal.org/node/2415873 SA-CONTRIB-2015-031 - GD Infinite Scroll - XSS SA-CONTRIB-2015-031 - GD Infinite Scroll - CSRF SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect https://www.drupal.org/node/2415885 SA-CONTRIB-2015-032 - Node Invite - XSS SA-CONTRIB-2015-032 - Node Invite - CSRF https://www.drupal.org/node/2415899 SA-CONTRIB-2015-033 - Certify - Access bypass SA-CONTRIB-2015-033 - Certify - Information disclosure https://www.drupal.org/node/2415947 Many thanks Pere Orga on behalf of the Drupal Security Team
Attachment:
_bin
Description:
Current thread:
- CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 28)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)
- Re: Re: CVEs for Drupal contributed modules - January 2015 Vasyl Kaigorodov (Jan 29)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)