CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer

[Murray McAllister <mmcallis () redhat com>]

Good morning,

Could a CVE please be assigned to 
http://seclists.org/fulldisclosure/2014/May/44 if one has not been already?

Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch 
applies, but I did not test it. For an older version, 
drupal6-flag-1.3-3.fc19 appears unaffected.

Cheers,

--
Murray McAllister / Red Hat Security Response Team

https://bugzilla.redhat.com/show_bug.cgi?id=1096604