Date: Sat, 17 Nov 2012 21:29:33 -0800
From: Forest Monsen <forest.monsen@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request for Drupal Contributed Modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

Here's a batch CVE request for a number of previously published and
resolved issues with contributed modules for the Drupal project. As
noted in http://www.openwall.com/lists/oss-security/2012/11/05/4, I
have volunteered to coordinate our CVE requests.

Forest Monsen, on behalf of the Drupal Security Team


- - SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution
  http://drupal.org/node/1789284

- - SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)
  http://drupal.org/node/1789306

- - SA-CONTRIB-2012-148 - Organic Groups - Access Bypass
  http://drupal.org/node/1796036

- - SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)
  http://drupal.org/node/1802218

- - SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)
  http://drupal.org/node/1802230

- - SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request
  Forgery
  http://drupal.org/node/1802258

- - SA-CONTRIB-2012-152 - Feeds - Access bypass
  http://drupal.org/node/1808832

- - SA-CONTRIB-2012-153 - Mandrill - Information Disclosure
  http://drupal.org/node/1808846

- - SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting
  http://drupal.org/node/1808852

- - SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure
  http://drupal.org/node/1808852

- - SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS)
  http://drupal.org/node/1808856

- - SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)
  http://drupal.org/node/1815770

- - SA-CONTRIB-2012-157 - Time Spent - Cross Site Scripting (XSS)
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-157 - Time Spent - Cross Site Request Forgery (CSRF)
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-157 - Time Spent - SQL Injection
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)
  http://drupal.org/node/1822166

- - SA-CONTRIB-2012-159 - Password policy - Information disclosure
  http://drupal.org/node/1828340

- - SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)
  http://drupal.org/node/1834866

- - SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass
  http://drupal.org/node/1834868

- - SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request
  forgery (CSRF)
  http://drupal.org/node/1840740

- - SA-CONTRIB-2012-163 - User Read-Only - Permission escalation
  http://drupal.org/node/1840886

- - SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site
  Scripting (XSS)
  http://drupal.org/node/1840892

- - SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site
  Scripting (XSS)
  http://drupal.org/node/1840992

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCocjEACgkQ/ILCL9e1Br73XACeIA+9vN5kq9QZ99cbEHtVemyV
SxsAn1EN77He3g3ssthVQ/pgBfVPgrR9
=15AA
-----END PGP SIGNATURE-----
