Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Jan 2014 18:18:48 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for Drupal contributed modules

On Mon, Jan 20, 2014 at 03:30:34AM -0800, Forest Monsen wrote:
> Hi there, I'd like to request CVE identifiers for:
> 
> SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
> https://drupal.org/node/2158651
> 
> SA-CONTRIB-2014-001 - Entity API - Access Bypass
> https://drupal.org/node/2169595
> 
> SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
> https://drupal.org/node/2173321
> 
> Thanks!
> 
> Best,
> Forest

https://drupal.org/node/2169595 already has CVEs:

CVE-2014-1398 (Comment, User and Node Statistics property access bypass)
CVE-2014-1399 (Entity list property access bypass)
CVE-2014-1400 (Unpublished comments access bypass)

As far as I know SA-CONTRIB-2013-098 and SA-CONTRIB-2014-002 are still missing
CVEs.

---
Henri Salo


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ