Date: Wed, 6 Nov 2013 10:32:37 -0800 From: Forest Monsen <forest.monsen@...il.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE request for Drupal contributed modules On Sun, Nov 3, 2013 at 8:36 AM, Kurt Seifried <kseifried@...hat.com> wrote: > > SA-CONTRIB-2013-083 - Quiz - Access Bypass > > https://drupal.org/node/2123995 (This appears to me to be two > > issues; an access bypass, and an access bypass leading to > > information disclosure.) > > Yes, two issues, two reporters, so CVE SPLIT to two CVE's, I can't > match the reporter to the issue though without more info, if you can > post that in a follow up it'd be helpful to Mitre. > No problem. See below: > Please use CVE-2013-4500 for Drupal SA-CONTRIB-2013-083 - Quiz - > Access Bypass in deleting quiz results > Reported by 'nirvanajyothi', https://drupal.org/user/252387 Please use CVE-2013-4501 for Drupal SA-CONTRIB-2013-083 - Quiz - > Access Bypass in viewing quiz results Reported by 'Cat Hirst,' https://drupal.org/user/162748
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.