Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 19 Dec 2012 21:16:11 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>
Subject: Re: CVE request for Drupal core, and contributed modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/19/2012 02:28 PM, Forest Monsen wrote:
> Hello! I'd like to request CVE identifiers for several issues with 
> core and contributed modules:
> 
> SA-CORE-2012-166: Multiple vulnerabilities 
> http://drupal.org/SA-CORE-2012-004 (Looks like three identifiers
> necessary here?)

Access bypass (User module search - Drupal 6 and 7)
Please use CVE-2012-5651 for this issue.

Access bypass (Upload module - Drupal 6)
Please use CVE-2012-5652 for this issue.

Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)
Please use CVE-2012-5653 for this issue.

> SA-CONTRIB-2012-173 - Nodewords: Information disclosure 
> http://drupal.org/node/1859282

Please use CVE-2012-5654 for this issue.

> SA-CONTRIB-2012-174 - Context - Information Disclosure 
> http://drupal.org/node/1870550

Please use CVE-2012-5655 for this issue.

> Thanks, Forest
> 

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ0pEKAAoJEBYNRVNeJnmT3m8P/AtLcWrUckVnBEoARQfphuqE
dV5FlHBOyX+vrmapMl/4LgqSnSdjG4LCiCwyJ/meZlGF1dkuSutRAZq/gVp6lEY9
y6upxe/UnMZjroTeS9bUE/SqIM0IG/gqisW59BrHOgaIsERMowoDhLVp0mAcML5R
IxrPQWLACceoEtVbEcKndh5slp8uOnyYOv1MTRuST66OB0rln+RlHwb77guR30Fu
lkk98to73WLs8tSGrKXUaBt9XlpXgPgvHsFRs5TCkftBmoc8QMeZPWYEZz2RSnar
98zPexrZ4ijdA9raBnanBEbQsdmITV/uOc1+P6f0wfZ1VtuICktolBytJiOY+Lxx
zSq+EJkr/lqF/BEhGjrBvYH9gDGy1BeBgBiVWMIUfdH2q6jUQUbnqfWW+wR9csG3
6LM1exHklb0/ahIBTqmIOrNpLbkGqPO21daDinehEg/45b0BANbNSP7nwxZZpHfT
1VajmwDAcApdO/VRD2AKReylNhungmG1Fc7lakJPH9b3/P8ZVF5K1pdhmjzOJNwg
nKTZI7GRlKckqETd8Iy/5t+raKPQTvGu+kJwAouObHx1Mkn6b7bpVqWgVlu8R08j
rGAkmmvBrY78k7szzpOiJ7OoGmB5wb44X122yLUSX2UP7j6dZZVeiCVBhz5odWZI
zKZpPsD6mdLYojwkUeMj
=hfqG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ