Date: Tue, 20 Mar 2012 17:28:16 -0600
From: Greg Knaddison <greg.knaddison@...uia.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com, security@...pal.org
Subject: Re: Re: [security] Drupal CORE and Drupal Contrib

Thanks, Kurt. These are all updated now.

We have a new Drupal 7 core release planned for March 28th that will
likely include some issues. I will mail you March 26th with
descriptions of any issues that we plan to release on the 28th. This
fact is public in our community but I don't expect you to have seen
the news.

Regards,
Greg

On Mon, Mar 19, 2012 at 12:33 PM, Kurt Seifried <kseifried@...hat.com> wrote:
> On 03/16/2012 04:40 PM, Greg Knaddison wrote:
>> Hi Kurt,
>>
>> We started considering associating CVEs with our Security Advisories
>> (SAs) in September of 2011. At the time we discussed it with Josh
>> Bressers, Jan Lieskovsky, Steven M. Christey and decided that it would
>> only be practical to do it for Drupal core for now and we could
>> consider doing it for contrib in the future. Since that discussion
>> there has only been one SA for Drupal core which I think has the CVEs
>> on it: SA-CORE-2012-001 - Drupal core multiple vulnerabilities -
>> http://drupal.org/node/1425084
>>
>> Is there another SA for core that I'm not considering? Is there a
>> better way to list the CVE numbers?
>>
>> There have been several SAs for contributed modules and we would
>> gladly update them with CVEs. If you can send an email with a link to
>> the SA and the CVE-id to use that would be great.
>
> Ok starting with core:
>
> http://drupal.org/node/1231510
> SA-CORE-2011-003 - Drupal core - Access bypass
> This was already assigned CVE-2011-2726
>
> http://drupal.org/node/1204582
> SA-CORE-2011-002 - Drupal core - Access bypass
> This was already assigned CVE-2011-2687
>
> http://drupal.org/node/1168756
> SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
> Can't find any CVEs, do they need to be assigned?
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)

--
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com