oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for Drupal contributed modules

From: cve-assign () mitre org
Date: Thu, 31 Jul 2014 02:35:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


We'd like to request CVE identifiers for:



SA-CONTRIB-2014-073- Date - Cross Site Scripting (XSS)
https://www.drupal.org/node/2312609


Use CVE-2014-5169.



SA-CONTRIB-2014-074 - Storage API - Code execution
https://www.drupal.org/node/2312769


Use CVE-2014-5170. This can be characterized as an implementation
error in setting up a defense in depth mechanism. In other words, the
module maintainer was supposed to obtain .htaccess file content from
one resource, but instead obtained .htaccess file content from a wrong
or obsolete resource.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT2eMhAAoJEKllVAevmvmsCK8H/A3eA35sDLP0kSzujR9ioSgP
WphxIIvZ4JEp0pnqFO1wlUvAISON4jtSEAyo4t+ts8EIPB4Xhc1AMi/wc1VArOTD
18DUYBIso1RbcSL+pRs8/1fx68ylc27Pj5mW+LM2QxK32Vjqc2r1grlKWA/6omX+
VBFEzh7BxvGvO+l5CR64ZrQiQrEMPi9cgp2fIMnkdSxDxbsokUWuiMjmwRuF6zLO
o2nlVk3EnGTHDPzlcj+uBEReADSkFnKYjslZj/vf/M/MBWJ0HcNyspUK67aqQje1
sPECKPf5w3uToR0vJSbx83aiMCtWvxybGxD0+Wkg8r+k4B3WCqH+yX6F4SQIwzQ=
=hNAC
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: