Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Nov 2012 18:13:49 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>, daniel@...nsecurityfoundation.org
Subject: Re: CVE Request for Drupal Contributed Modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks to daniel@...nsecurityfoundation.org who caught a pretty
significant error I made (I typo'ed 154->155 and forgot to assign for
154).

On 11/20/2012 01:35 PM, Kurt Seifried wrote:
> On 11/17/2012 10:29 PM, Forest Monsen wrote:
>> Hello!
> 
>> Here's a batch CVE request for a number of previously published 
>> and resolved issues with contributed modules for the Drupal 
>> project. As noted in 
>> http://www.openwall.com/lists/oss-security/2012/11/05/4, I have 
>> volunteered to coordinate our CVE requests.
> 
>> Forest Monsen, on behalf of the Drupal Security Team
> 
> Please see bottom of email for CVEs

Ahh I made an error, simplest way to clean this up seems to be reject
the one and properly assign for 154 which I forgot to do.


>> - SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting 
>> http://drupal.org/node/1808852
> 
>> - SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure 
>> http://drupal.org/node/1808852
> 
>> - SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS) 
>> http://drupal.org/node/1808856

> Please use the following:
> 
> CVE-2012-5545 Drupal SA-CONTRIB-2012-155 XSS CVE-2012-5546 Drupal
> SA-CONTRIB-2012-155 Information Disclosure

Please REJECT CVE-2012-5546. The one assigned for CVE-2012-5545 is fine.

For 154:

SA-CONTRIB-2012-154 - XSS please use
SA-CONTRIB-2012-154 - Information disclosure please use

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQssJNAAoJEBYNRVNeJnmTbv4P/1I9wlpp4Om9TLUq9HjcyUbJ
2BozganGckQQAtwFxearF6Dlbk+LCcS8n4p/heFeTACG89CevlAHhP3h57vAVp1S
5vmCdoiwxIE4lv3Dn24iX0UxcQGnUU6WY9n6BZqhcWH2NWFbRMPyF/Ce0LwIgfYy
Dt+0NCh+fRn2Czlpnmo84zzVu3TN51mRNGzEFPDhL2ZdMwP3Krt4PjUi23aEOKgj
bKblX0p5rKn8Ey8LfoddTOmsSZ7n/6oh5+4qAH11YfuIFGQFDDCcRELuu3R/vw+P
NPBZjNSTZyo6MnF82mYncKq3qBDpxRxH0hYsRnp+5sA8qGi1nq1GSDhuua02h9VL
Nd/wulZf4R8fNRyug4BZz89MKq00A6D9W45gO+wQPM6piWu0sNn6bXQn58CxMohm
82AghIvc4rKltGBHdqlTz+agtf2G7vKupjZPsXUfO75t6dHYFtWQX4RRhxXTAzxy
oIjznaUeC9WqFpXeUAcznlRzJPoz9+VhxUd3LZiDPWBRXLy0kQ8R3AKWjv4WeP2E
zokvqf0gFq0VsMBVRTWLDo+EKNhYsTIU6+JPe/zpt2pbdzzOjY2EhfQQ26jM93xB
708aPXq2YSQQ9bdSsekB1kjzYqCJBkh0Z2bdwN1HrDlH2BH7zx/piENEr/dptksz
HPy0SSjeDis8mTwnA9ec
=s48E
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.