Date: Thu, 29 Jan 2015 09:24:55 +0100
From: Pere Orga <pere@...a.cat>
To: kseifried@...hat.com, oss-security@...ts.openwall.com
Subject: Re: CVEs for Drupal contributed modules - January 2015

Hi again,

In my previous email a CVE request was wrong. "SA-CONTRIB-2015-031 -
GD Infinite Scroll - Open Redirect" should be discarded in favour of:

SA-CONTRIB-2015-032 - Node Invite - Open Redirect
https://www.drupal.org/node/2415899

Sorry for the confusion.

Many thanks
Pere Orga on behalf of the Drupal Security Team

On Thu, Jan 29, 2015 at 12:12 AM, Pere Orga <pere@...a.cat> wrote:
> Hi
>
> I would like to ask for CVEs for the following advisories of Drupal
> contributed modules:
>
> SA-CONTRIB-2015-001 - OPAC - Cross-Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403313
>
> SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2403333
>
> SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection
> https://www.drupal.org/node/2403343
>
> SA-CONTRIB-2015-004 - Context - Open Redirect
> https://www.drupal.org/node/2403351
>
> SA-CONTRIB-2015-005 - WikiWiki - SQL injection
> https://www.drupal.org/node/2403375
>
> SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - XSS
> SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - CSRF
> https://www.drupal.org/node/2403447
>
> SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403445
>
> SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403451
>
> SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2403459
>
> SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403463
>
> SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403465
>
> SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2403487
>
> SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2403489
>
> SA-CONTRIB-2015-014 - Wishlist - XSS
> SA-CONTRIB-2015-014 - Wishlist - CSRF
> https://www.drupal.org/node/2407313
>
> SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2407315
>
> SA-CONTRIB-2015-016 - Tadaa! - CSRF
> SA-CONTRIB-2015-016 - Tadaa! - Open Redirect
> https://www.drupal.org/node/2407321
>
> SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2407329
>
> SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2407341
>
> SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect
> https://www.drupal.org/node/2407347
>
> SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2407357
>
> SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2407395
>
> SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2407401
>
> SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2411527
>
> SA-CONTRIB-2015-024 - Alfresco - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2411523
>
> SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2411539
>
> SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2411573
>
> SA-CONTRIB-2015-027 - Quizzler - Cross Site Scripting (XSS)
> https://www.drupal.org/node/2411579
>
> SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request
> Forgery (CSRF)
> https://www.drupal.org/node/2411737
>
> SA-CONTRIB-2015-029 - Corner - Cross Site Request Forgery (CSRF)
> https://www.drupal.org/node/2411741
>
> SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
> https://www.drupal.org/node/2415873
>
> SA-CONTRIB-2015-031 - GD Infinite Scroll - XSS
> SA-CONTRIB-2015-031 - GD Infinite Scroll - CSRF
> SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect
> https://www.drupal.org/node/2415885
>
> SA-CONTRIB-2015-032 - Node Invite - XSS
> SA-CONTRIB-2015-032 - Node Invite - CSRF
> https://www.drupal.org/node/2415899
>
> SA-CONTRIB-2015-033 - Certify - Access bypass
> SA-CONTRIB-2015-033 - Certify - Information disclosure
> https://www.drupal.org/node/2415947
>
>
> Many thanks
> Pere Orga on behalf of the Drupal Security Team
