oss-sec mailing list archives
Re: CVE Request for Drupal Contributed Modules
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Oct 2012 20:20:35 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/03/2012 06:06 PM, Joshua Brauer wrote:
This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal project. http://drupal.org/node/1649346 | SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS) http://drupal.org/node/1663306 | SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS) http://drupal.org/node/1679412 | SA-CONTRIB-2012-106 - Listhandler - Access Bypass http://drupal.org/node/1679422 | SA-CONTRIB-2012-107 - Search autocomplete - Access bypass http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Scripting http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Access bypass http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Request Forgery http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - SQL Injection http://drupal.org/node/1679466 | SA-CONTRIB-2012-109 - Restrict node page view - Access bypass http://drupal.org/node/1679486 | SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS) http://drupal.org/node/1679532 | SA-CONTRIB-2012-111 - Security Questions - Access Bypass Thanks, Josh - on behalf of the Drupal security team.
Perfect, this is easy =). Please use the following CVEs: CVE-2012-4468 SA-CONTRIB-2012-104 CVE-2012-4469 SA-CONTRIB-2012-105 CVE-2012-4470 SA-CONTRIB-2012-106 CVE-2012-4471 SA-CONTRIB-2012-107 CVE-2012-4472 SA-CONTRIB-2012-108 CVE-2012-4473 SA-CONTRIB-2012-109 CVE-2012-4474 SA-CONTRIB-2012-110 CVE-2012-4475 SA-CONTRIB-2012-111 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQbPJzAAoJEBYNRVNeJnmTcsQP/05luypQ2Wp6z+zsSHVd+a8x zwj1De0kIKoEugjezID24IAYmy1G2QQTl57mRKEgb2WgWImqNBbUSvJ6fuSB9xq0 giSwvAWTmoFFzhJBLY1TaF3L+9uo58hqp6hxTH1BpNFTfkORnUvn/HaPanUmAo/9 DHG1R9efIYLvTTyD3ALoA8xcLTl33vnbTMgnubxOB+y/a6Ovhq1icueyshefmKGc AFDqLbZGcpi9D1SF28ys0pNe9q1pGxysruDo9VPJILcfq+UJctVqsf036hRg95Et LdhHHVk5vWVbb+yH9A0hWBxloO0iaXlIGJpPtx7xmbUVmewXWpiyvZ9Kh2/SYlEK N4xSPEBIbTtbmgm0qjS/zVDd3vlW0ZOeN/TVmm/mg7DZngn3QfWTC1QJ7dIisGfO 5FKy+NiA/kQSZdZs2GVR/Aq20oR1/kYH0YTORVR9YtdSvr0dsXv2xJIuXdeTgSR9 f8uo6KlISk/FOUUeLN/Eoe3VmmLm9MW7OkJY6kVaTD5M/TByPz6bCQxumfXrCw+/ OusmbwNcvBAmxQn9n9bD61+1JfvdYVsfVKafKQTpm9nXTJsQ1161trC36N1kaH5E WU8LeeBANz14xEX6TQVqSwcXNfYDdm9++ePKP4tMQcPav3CHpF4jSPSSEMIQuCWl zouflR/IkanhMJlXqCR/ =Vs4T -----END PGP SIGNATURE-----
Current thread:
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- <Possible follow-ups>
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)