Date: Wed, 03 Oct 2012 20:20:35 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Joshua Brauer <joshua@...uerranch.com>
Subject: Re: CVE Request for Drupal Contributed Modules

On 10/03/2012 06:06 PM, Joshua Brauer wrote:
> 
> This is a batch CVE request for several already published/resolved
> issues with contributed modules for the Drupal project.
> 
> http://drupal.org/node/1649346 | SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
> http://drupal.org/node/1663306 | SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)
> http://drupal.org/node/1679412 | SA-CONTRIB-2012-106 - Listhandler - Access Bypass
> http://drupal.org/node/1679422 | SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
> http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution
> http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Scripting
> http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Access bypass
> http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Request Forgery
> http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - SQL Injection
> http://drupal.org/node/1679466 | SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
> http://drupal.org/node/1679486 | SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)
> http://drupal.org/node/1679532 | SA-CONTRIB-2012-111 - Security Questions - Access Bypass
> 
> Thanks, Josh - on behalf of the Drupal security team.

Perfect, this is easy =).

Please use the following CVEs:

CVE-2012-4468 SA-CONTRIB-2012-104
CVE-2012-4469 SA-CONTRIB-2012-105
CVE-2012-4470 SA-CONTRIB-2012-106
CVE-2012-4471 SA-CONTRIB-2012-107
CVE-2012-4472 SA-CONTRIB-2012-108
CVE-2012-4473 SA-CONTRIB-2012-109
CVE-2012-4474 SA-CONTRIB-2012-110
CVE-2012-4475 SA-CONTRIB-2012-111

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
