Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 12 Aug 2013 10:27:09 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Forest Monsen <forest.monsen@...il.com>, Henri Salo <henri@...v.fi>,
        Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: CVE request for Drupal contributed modules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/11/2013 10:06 PM, Forest Monsen wrote:
> Good, thanks Henri.
> 
> 
> On Sat, Aug 10, 2013 at 12:38 AM, Henri Salo <henri@...v.fi>
> wrote:
> 
>> On Fri, Aug 09, 2013 at 10:02:59PM -0600, Kurt Seifried wrote:
>>> On 08/09/2013 05:29 PM, Forest Monsen wrote:
>>>> Hi there,
>>>> 
>>>> I'd like to request CVE identifiers for...
>>>> 
>>>> SA-CONTRIB-2013-061 - Flippy - Access Bypass 
>>>> https://drupal.org/node/2054701
>>>> 
>>>> SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access 
>>>> Bypass https://drupal.org/node/2059603
>>>> 
>>>> SA-CONTRIB-2013-063 - Authenticated User Page Caching
>>>> (Authcache) - Information Disclosure
>>>> https://drupal.org/node/2059589
>>>> 
>>>> SA-CONTRIB-2013-064 - Persona - Cross site request forgery
>>>> (CSRF) https://drupal.org/node/2059599
>>>> 
>>>> SA-CONTRIB-2013-065 - Organic Groups - Access Bypass 
>>>> https://drupal.org/node/2059765
>>>> 
>>>> SA-CONTRIB-2013-066 - Monster Menus - Multiple
>>>> Vulnerabilities (Looks like two here: XSS, and an Access
>>>> Bypass vuln) https://drupal.org/node/2059823
>>>> 
>>>> Thanks!
>>>> 
>>>> Best, Forest
>>>> 
>>> 
>>> Yup
>>> 
>>> CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass
>>> 
>>> CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services
>>> (RESTWS) - Access Bypass
>>> 
>>> CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page
>>> Caching (Authcache) -Information Disclosure
>>> 
>>> CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site
>>> request forgery (CSRF)
>>> 
>>> CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access
>>> Bypass
>>> 
>>> CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS
>>> 
>>> CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access
>>> Bypass
>> 
>> CVE-2013-4187 has been assigned already for
>> SA-CONTRIB-2013-061[1]. CVE-2013-4224 should be REJECTED if I am
>> correct, thanks.
>> 
>> 1: http://www.openwall.com/lists/oss-security/2013/08/01/1
>> 
>> --- Henri Salo
>> 
> 

Thanks all for catching it. Please REJECT CVE-2013-4224, use the
originally assigned CVE-2013-4187 please.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSCQzdAAoJEBYNRVNeJnmTDGoP/0rbe9yEUlqBXeBXNAem/3C4
CF7tKsx+EDTHegRWtFZgmiRqNWzCJfLoWGLO79Klu5HT/pmmnHX6ESMdFJqcjlDV
CmNSU8di/K8JJdZGIgAwp3JyEiIRlRVnMwKy/AeintaiPRGxl5qSy3N4qVWwdUz/
Zn3ss5wjNDyPrq106wTtbFY+BiKprR5RvIx+bBMXmP0D6sqEuXb73laWnv9nRPgz
HoYL65aoEGVWZq3SIyKVF5lNaIPZhKbHSyXp1cmO0sy29aPwl1hjJTvoimyTUBka
5CRmUAg25NR/GJdP8GYMCQiU/Az8Lu3UVrxzgRyzZYjpVcoD3l/icdJqs/PiD/TW
w/85sWoIbSoZX9ZaHQFc0rzj3NiGVxKi2x/2FUBouFgf7Vxlfn/dva5oLiPNdQgL
ADCW92Pbgp4Bk3N0YH++f1vrhYzZ+W6D4wQgaFhH0nqXv7LfjDsXnSfHV0kid83+
qGi8FCA8+N88gfwBzQfpnIq9nsWanuOQO9BMdgFZXKEFxSsYnWGNLx5UWL444x7F
ojka3OHBc8A+/i+Ty+g5qXhL7wWrCAgo6UYLMZ4hXIJjNlLeO9lpLNe+dAQ+y6Jm
pBEUgiLoYBHSmtpavQv2UVmkfKcwXoY+7+NO5Z/4kQUAZBKCGSNKIz4oIS0KXmK+
zTkz+Hb03mnBrR/LOndZ
=8/DX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.