Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 May 2012 18:53:05 -0600
From: Greg Knaddison <greg.knaddison@...uia.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request for Drupal contributed modules

Hello,

First, thanks to Kurt for getting us CVEs in advance on Drupal core's
latest release at http://drupal.org/node/1557938 with CVEs on each
issue.

This is a CVE request for the following contributed module issues:

http://drupal.org/node/1558248  SA-CONTRIB-2012-072 - cctags - Cross
Site Scripting (XSS)
http://drupal.org/node/1557874  SA-CONTRIB-2012-071 - Glossify - Cross
Site Scripting (XSS) - Unsupported
http://drupal.org/node/1557872  SA-CONTRIB-2012-070 - Taxonomy Grid :
Catalog - Cross Site Scripting (XSS) - Unsupported
http://drupal.org/node/1557868  SA-CONTRIB-2012-069 - Addressbook -
Multiple vulnerabilities - Unsupported
http://drupal.org/node/1557852  SA-CONTRIB-2012-068 - Node Gallery -
Cross Site Request Forgery (CSRF) - Unsupported
http://drupal.org/node/1547738  SA-CONTRIB-2012-067 - Linkit - Access bypass
http://drupal.org/node/1547736  SA-CONTRIB-2012-066 - Spaces and
Spaces OG - Access Bypass
http://drupal.org/node/1547686  SA-CONTRIB-2012-065 - Sitedoc -
Information disclosure
http://drupal.org/node/1547674  SA-CONTRIB-2012-064 - Ubercart -
Multiple vulnerabilities
http://drupal.org/node/1547660  SA-CONTRIB-2012-063 - RealName - Cross
Site Scripting (XSS)
http://drupal.org/node/1547520  SA-CONTRIB-2012-062 - Creative Commons
- Cross Site Scripting (XSS)

Other issues from 2012 that don't have a CVE per your policies:
http://drupal.org/node/1515282  SA-CONTRIB-2012-056 - Janrain Engage -
Sensitive Data Protection Vulnerability
http://drupal.org/node/1506542  SA-CONTRIB-2012-050 - CDN2 Video - Unsupported

Thanks,
Greg

-- 
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggleshttp://acquia.com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ