Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Sep 2013 00:14:10 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>
Subject: Re: CVE request for Drupal contributed modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/26/2013 03:21 PM, Forest Monsen wrote:
> Hi there,
> 
> I'd like to request CVE identifiers for:
> 
> SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass 
> https://drupal.org/node/2081637
> 
> SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS) 
> https://drupal.org/node/2087051
> 
> SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS
> and CSRF) (Now marked "unsupported," and no patch provided) 
> https://drupal.org/node/2087055
> 
> SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting
> (XSS) https://drupal.org/node/2087095
> 
> SA-CONTRIB-2013-077 - Google Site Search - Cross Site Scripting
> (XSS) https://drupal.org/node/2092395
> 
> Thanks!
> 
> Best, Forest

Please use:

CVE-2013-4379 Drupal SA-CONTRIB-2013-073 - Make Meeting Scheduler -
Access Bypass

CVE-2013-4380 Drupal SA-CONTRIB-2013-074 - MediaFront - Cross Site
Scripting (XSS)

CVE-2013-4381 Drupal SA-CONTRIB-2013-075 - Click2Sell - Multiple
Vulnerabilities XSS
CVE-2013-4382 Drupal SA-CONTRIB-2013-075 - Click2Sell - Multiple
Vulnerabilities CSRF

CVE-2013-4383 Drupal SA-CONTRIB-2013-076 - jQuery Countdown - Cross
Site Scripting (XSS)

CVE-2013-4384 Drupal SA-CONTRIB-2013-077 - Google Site Search - Cross
Site Scripting (XSS)



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSRSIyAAoJEBYNRVNeJnmT/dAP/j87eza8z/EQ1QDIXD/HYi3F
p0eXP+p8vvfQPfsDF2y3+fckmWsRuGzYDYU3Lh3Z7rbUipJkHPc+ABKfXgQWJJiN
3F0JqDBWlyz9Dih3tdXf+qX53oZ1jovhTYuBI8ktEUM4LRh0bnjFanAWumlkL2kK
GswolTCw4TK+AGtJEPTpoAa6NpMW0SzrLGwLDYtlPFqXdjr2pdXpzLDikqPiaO3P
K3c+FpM4J0AfsIdQUE3DVnm6pm+91mTzDVmGNKq48bvEAzMNw90bVPSEwWjseb8b
Z+F5IfYOGvwxrqT8SnDt3aOb9tVCYbPw++F2DmXno6JvlQiswCRhfI0U5DHLW0TK
isLHFS4HifPZk4LzZmw/jBnA8BTFDu3BXY6Rav1j0eOOa8yawAjkdi1fw60OCmmA
tcgtPzxEVs8jH0MMl2hFdQrIJY/ladh9yyBrXPBQixH4ijZth8C74Y/R6czEehl/
qSmn8zGNAWQkYPknNutb1nhthC9ho8zS3mV8ls5VQY/wCVCpLrxmKsDIn8Hi0vTL
4Khx1zXLFENd6ne0qhxlFV55/KXu1FbNfyhyBPpd20aLOLnp6LPGMj2GHztRLaZI
len35d5KzIIm+stqTNWRCpQ0cFDhGtkDElaUV78EIepH+zdhcIT83blxWmFz7RRU
kw/wIWQdbrM6QcThG5P0
=lGBK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ