Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 18 Nov 2013 13:45:36 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for Drupal contributed modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Top posting because lazy:

CVE-2013-4594 SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass

CVE-2013-4595 SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption
of Sensitive Data

CVE-2013-4596 SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass

CVE-2013-4597 SA-CONTRIB-2013-090 - Revisioning - Access Bypass

CVE-2013-4598 SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) -
Access Bypass

CVE-2013-4599 SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS)
vulnerability


On 11/17/2013 10:34 PM, Forest Monsen wrote:
> Hi there, I'd like to request CVEs for:
> 
> SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass 
> https://drupal.org/node/2129373
> 
> SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of
> Sensitive Data https://drupal.org/node/2129381
> 
> SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass 
> https://drupal.org/node/2129379
> 
> SA-CONTRIB-2013-090 - Revisioning - Access Bypass 
> https://drupal.org/node/2135257
> 
> SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access
> Bypass https://drupal.org/node/2135267
> 
> SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS)
> vulnerability https://drupal.org/node/2135273 (Says multiple, but
> it seems to me this is really just a single DoS vuln.)

Agreed.

> Thanks Kurt.
> 
> Best, Forest
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSinxwAAoJEBYNRVNeJnmTfsYQAKDd6OXXbuBLaimNkuLSc0Np
xnfjCJJy991BduMAzzya2hbW5GSP4pwW+yPInf5HeDZTbGfmncoss4HE3EUHbOrI
8DXhRtLHbUOHii0jONB6ESxMGT5F45oQQO5R4LmIzVsJ1ImPa3kcUUCE8/okibx5
LlozL5GDTo4YMGD0VrlUkEi7j3Ec1Eel/DMPytmI5dUJE+OFIw7Hm2TsvwrKp55y
422pwFI/sBQHwcZRKNlteQ8W3nK+nMd7ll88o5ewf3fynkoj5GILGnaV4wSKVbQm
iPXj/Wa/dUsGOR4VUZpMdD6fmKvTjLtLPrTSm/qARbqS4qAiuv9V9e3ZqUskD8Xy
RL/iglLv27wnOl3oj0PKHlJJNjmXnL5s/BW5ctJauiwSjKD0diA4qBjCyxwaNxIq
1f2LWcUq0pX1199tachsp7BKB7GoZDaSaV5PA+MXd4uPYpTswvNIiRgtf8KX6kq6
rFstkjpDM7W/f2YLsKgtGw9OrLmBNSUJBCWFpEk35FrEO/8tla/jJAMaSkHAjc3I
N1tLDpN+0O0h1CSDkyN5oB9UcC32uF9FIMdqdPNz+1Fy6ypusgjGS4OgamOf1NcB
PQ7Tv1bBWbZkkKsFkUdrHvamgXxBihubFL2mjpzaDEql0YC1DK73tiakix3CWU6m
sZ3Ka4UuFzwMuqYJI2Z9
=6vwF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.