Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Jan 2014 18:18:48 +0200
From: Henri Salo <>
Subject: Re: CVE request for Drupal contributed modules

On Mon, Jan 20, 2014 at 03:30:34AM -0800, Forest Monsen wrote:
> Hi there, I'd like to request CVE identifiers for:
> SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
> SA-CONTRIB-2014-001 - Entity API - Access Bypass
> SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
> Thanks!
> Best,
> Forest already has CVEs:

CVE-2014-1398 (Comment, User and Node Statistics property access bypass)
CVE-2014-1399 (Entity list property access bypass)
CVE-2014-1400 (Unpublished comments access bypass)

As far as I know SA-CONTRIB-2013-098 and SA-CONTRIB-2014-002 are still missing

Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ