Date: Fri, 09 Aug 2013 22:02:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>
Subject: Re: CVE request for Drupal contributed modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/09/2013 05:29 PM, Forest Monsen wrote:
> Hi there,
> 
> I'd like to request CVE identifiers for...
> 
> SA-CONTRIB-2013-061 - Flippy - Access Bypass 
> https://drupal.org/node/2054701
> 
> SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access
> Bypass https://drupal.org/node/2059603
> 
> SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache)
> - Information Disclosure https://drupal.org/node/2059589
> 
> SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) 
> https://drupal.org/node/2059599
> 
> SA-CONTRIB-2013-065 - Organic Groups - Access Bypass 
> https://drupal.org/node/2059765
> 
> SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities 
> (Looks like two here: XSS, and an Access Bypass vuln) 
> https://drupal.org/node/2059823
> 
> Thanks!
> 
> Best, Forest
> 

Yup

CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass

CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) -
Access Bypass

CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page Caching
(Authcache) - Information Disclosure

CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site request
forgery (CSRF)

CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS

CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access Bypass

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----
