Date: Mon, 20 Jan 2014 18:18:48 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: CVE request for Drupal contributed modules On Mon, Jan 20, 2014 at 03:30:34AM -0800, Forest Monsen wrote: > Hi there, I'd like to request CVE identifiers for: > > SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability > https://drupal.org/node/2158651 > > SA-CONTRIB-2014-001 - Entity API - Access Bypass > https://drupal.org/node/2169595 > > SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS) > https://drupal.org/node/2173321 > > Thanks! > > Best, > Forest https://drupal.org/node/2169595 already has CVEs: CVE-2014-1398 (Comment, User and Node Statistics property access bypass) CVE-2014-1399 (Entity list property access bypass) CVE-2014-1400 (Unpublished comments access bypass) As far as I know SA-CONTRIB-2013-098 and SA-CONTRIB-2014-002 are still missing CVEs. --- Henri Salo [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ