oss-sec mailing list archives
Re: CVE Request for Drupal Contributed Modules
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 25 Nov 2012 18:13:49 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks to daniel () opensecurityfoundation org who caught a pretty significant error I made (I typo'ed 154->155 and forgot to assign for 154). On 11/20/2012 01:35 PM, Kurt Seifried wrote:
On 11/17/2012 10:29 PM, Forest Monsen wrote:Hello!Here's a batch CVE request for a number of previously published and resolved issues with contributed modules for the Drupal project. As noted in http://www.openwall.com/lists/oss-security/2012/11/05/4, I have volunteered to coordinate our CVE requests.Forest Monsen, on behalf of the Drupal Security TeamPlease see bottom of email for CVEs
Ahh I made an error, simplest way to clean this up seems to be reject the one and properly assign for 154 which I forgot to do.
- SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting http://drupal.org/node/1808852- SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure http://drupal.org/node/1808852- SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS) http://drupal.org/node/1808856
Please use the following: CVE-2012-5545 Drupal SA-CONTRIB-2012-155 XSS CVE-2012-5546 Drupal SA-CONTRIB-2012-155 Information Disclosure
Please REJECT CVE-2012-5546. The one assigned for CVE-2012-5545 is fine. For 154: SA-CONTRIB-2012-154 - XSS please use SA-CONTRIB-2012-154 - Information disclosure please use - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQssJNAAoJEBYNRVNeJnmTbv4P/1I9wlpp4Om9TLUq9HjcyUbJ 2BozganGckQQAtwFxearF6Dlbk+LCcS8n4p/heFeTACG89CevlAHhP3h57vAVp1S 5vmCdoiwxIE4lv3Dn24iX0UxcQGnUU6WY9n6BZqhcWH2NWFbRMPyF/Ce0LwIgfYy Dt+0NCh+fRn2Czlpnmo84zzVu3TN51mRNGzEFPDhL2ZdMwP3Krt4PjUi23aEOKgj bKblX0p5rKn8Ey8LfoddTOmsSZ7n/6oh5+4qAH11YfuIFGQFDDCcRELuu3R/vw+P NPBZjNSTZyo6MnF82mYncKq3qBDpxRxH0hYsRnp+5sA8qGi1nq1GSDhuua02h9VL Nd/wulZf4R8fNRyug4BZz89MKq00A6D9W45gO+wQPM6piWu0sNn6bXQn58CxMohm 82AghIvc4rKltGBHdqlTz+agtf2G7vKupjZPsXUfO75t6dHYFtWQX4RRhxXTAzxy oIjznaUeC9WqFpXeUAcznlRzJPoz9+VhxUd3LZiDPWBRXLy0kQ8R3AKWjv4WeP2E zokvqf0gFq0VsMBVRTWLDo+EKNhYsTIU6+JPe/zpt2pbdzzOjY2EhfQQ26jM93xB 708aPXq2YSQQ9bdSsekB1kjzYqCJBkh0Z2bdwN1HrDlH2BH7zx/piENEr/dptksz HPy0SSjeDis8mTwnA9ec =s48E -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request for Drupal Contributed Modules, (continued)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 28)