Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Oct 2015 18:45:21 +0200
From: Pere Orga <>
To: CVE ID Requests <>
Cc: "" <>, 
	Drupal Security Team <>, "Evans, Jonathan L." <>
Subject: Re: CVE Requests for Drupal contributed modules (from
 SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)

On Wed, Oct 21, 2015 at 1:50 PM, Evans, Jonathan L. <> wrote:
> Hash: SHA1
> CVE IDs were assigned by MITRE to most of the vulnerabilities in
> SA-CONTRIB-2015-132 through SA-CONTRIB-2015-151 before this request was made.
> To help avoid duplicates, we request that you check the existing IDs before
> asking for a new one.

Ok, sorry for that.


>> SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
> The advisory is not clear whether the vulnerability is in the unnamed Javascript
> library or the Compass Rose module.  If the former, we need to know the name of
> the library to ensure we do not issue a duplicate ID.

The vulnerability is in the Compass Rose module, not in the
jQueryRotate library.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ