Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 17 Jul 2013 00:03:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>
Subject: Re: CVE request for Drupal contrib modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/16/2013 03:36 PM, Forest Monsen wrote:
> Hi there,
> 
> I'd like to request CVE identifiers for:
> 
> SA-CONTRIB-2013-055 - Hatch - Cross Site Scripting 
> https://drupal.org/node/2038363

Please use CVE-2013-4138 for this issue.

> SA-CONTRIB-2013-056 - Stage File Proxy - Denial of Service 
> https://drupal.org/node/2038801


Please use CVE-2013-4139 for this issue.

> SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS) 
> https://drupal.org/node/2038807


Please use CVE-2013-4140 for this issue.

> Thanks!
> 
> Forest
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR5jO5AAoJEBYNRVNeJnmTrqcP/0I1Q++UVyJlYnfMYFjllcpJ
1YVURdWIazG/12bx5RIBPK5FFDKbsTpgLdFW9bJ8kqquUC3AVawGxbVh7mcdMHOQ
qqGmY2pKTuESTCzGmXYA6Ktyelfdbo5mr9KzrewHLdMCzUyRS50jmTZWUobKK3du
yvOT8hPfPoZB/1xP2bI7dNufcYCapMCgSJBwg9pOPCsXA2kFRIvtmuxKFpjC69LC
xZeQkNxfQL1Dv3oXzjxeOJTZiNQeCcnu0oSjsGr/axccpEpMKSgUaKa8Wx+F1hG4
6VjAXiVpcjWuu/A9u8Ms/blUht/EeGFTqXnjxvK2Kfepu4EgAcdMrwzZLawlx/z+
SgnbJXh6XRNYOIDPyiBsmpJkakn/xdZe/vk25KxafUg6f3OhSePR04ZE2xCYDa5m
xsdVFycKlQkLzCnQFwp2VtUelX59pjW2X35oLBkU2AGwbrFk9XGWseMYXcDwIG4I
e17Y01nMIt2eLSh2sgNhzbjqxpA6owV5ItAzRb28CfGG1fIag1O3uBKowZjiu+R7
1wJLU/Ww7ILho7C6ZeG4B6yaFzdipzJclVA++/OhxNpd/2je0Kt3x34xoEnPkHam
A51m6spUf5TZhpIj7ZQuUhmgLf/DYTUcCujagRFKocZXYf/1M5/NH7ItK/6uBoY2
HbnvcvT8zJFcII7IkhHi
=MTgT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.