Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Oct 2015 18:45:21 +0200
From: Pere Orga <pere@...a.cat>
To: CVE ID Requests <cve-assign@...re.org>
Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, 
	Drupal Security Team <security@...pal.org>, "Evans, Jonathan L." <jevans@...re.org>
Subject: Re: CVE Requests for Drupal contributed modules (from
 SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)

On Wed, Oct 21, 2015 at 1:50 PM, Evans, Jonathan L. <jevans@...re.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> CVE IDs were assigned by MITRE to most of the vulnerabilities in
> SA-CONTRIB-2015-132 through SA-CONTRIB-2015-151 before this request was made.
> To help avoid duplicates, we request that you check the existing IDs before
> asking for a new one.

Ok, sorry for that.

[..]

>> SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
>> https://www.drupal.org/node/2546174
>
> The advisory is not clear whether the vulnerability is in the unnamed Javascript
> library or the Compass Rose module.  If the former, we need to know the name of
> the library to ensure we do not issue a duplicate ID.
>

The vulnerability is in the Compass Rose module, not in the
jQueryRotate library.

Thanks

Regards
Pere

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ