oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: cve-assign () mitre org
Date: Thu, 31 Jul 2014 02:35:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
We'd like to request CVE identifiers for:
SA-CONTRIB-2014-073- Date - Cross Site Scripting (XSS) https://www.drupal.org/node/2312609
Use CVE-2014-5169.
SA-CONTRIB-2014-074 - Storage API - Code execution https://www.drupal.org/node/2312769
Use CVE-2014-5170. This can be characterized as an implementation error in setting up a defense in depth mechanism. In other words, the module maintainer was supposed to obtain .htaccess file content from one resource, but instead obtained .htaccess file content from a wrong or obsolete resource. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJT2eMhAAoJEKllVAevmvmsCK8H/A3eA35sDLP0kSzujR9ioSgP WphxIIvZ4JEp0pnqFO1wlUvAISON4jtSEAyo4t+ts8EIPB4Xhc1AMi/wc1VArOTD 18DUYBIso1RbcSL+pRs8/1fx68ylc27Pj5mW+LM2QxK32Vjqc2r1grlKWA/6omX+ VBFEzh7BxvGvO+l5CR64ZrQiQrEMPi9cgp2fIMnkdSxDxbsokUWuiMjmwRuF6zLO o2nlVk3EnGTHDPzlcj+uBEReADSkFnKYjslZj/vf/M/MBWJ0HcNyspUK67aqQje1 sPECKPf5w3uToR0vJSbx83aiMCtWvxybGxD0+Wkg8r+k4B3WCqH+yX6F4SQIwzQ= =hNAC -----END PGP SIGNATURE-----
Current thread:
- CVE request for Drupal contributed modules Forest Monsen (Jul 30)
- Re: CVE request for Drupal contributed modules cve-assign (Jul 30)