Message-ID: <4FD94D2B.4020102@redhat.com>
Date: Wed, 13 Jun 2012 20:32:11 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Greg Knaddison <greg.knaddison@...uia.com>
Subject: Re: CVE Request for Drupal contributed modules

Apologies for the delay in DRUPAL SA-CONTRIB CVE assignments, here's the
current batch:

CVE-2012-2699 SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE-2012-2700 SA-CONTRIB-2012-074 - Contact Forms - Access Bypass
CVE-2012-2701 SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)
CVE-2012-2702 SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass
CVE-2012-2703 SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure - XSS
CVE-2012-2704 SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure - Information Disclosure
CVE-2012-2705 SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)
CVE-2012-2706 SA-CONTRIB-2012-079 - Post Affiliate Pro - Cross Site Scripting (XSS) and Access Bypass - Unsupported
CVE-2012-2707 SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS) - access bypass
CVE-2012-2708 SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS) - XSS
CVE-2012-2709 SA-CONTRIB-2012-081 - Aberdeen - Cross Site Scripting
CVE-2012-2710 SA-CONTRIB-2012-082 - Zen - Cross Site Scripting
CVE-2012-2711 SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)
CVE-2012-2712 SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)
CVE-2012-2713 SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities - CSRF
CVE-2012-2714 SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities - BrowserID login theft
CVE-2012-2715 SA-CONTRIB-2012-086 - Amadou - Cross Site Scripting
CVE-2012-2716 SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
CVE-2012-2717 SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)
CVE-2012-2718 SA-CONTRIB-2012-089 - Counter - SQL Injection (unsupported)
CVE-2012-2719 SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability
CVE-2012-2720 SA-CONTRIB-2012-091 - Token Authentication - Access bypass
CVE-2012-2721 SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass
CVE-2012-2722 SA-CONTRIB-2012-093 - Node Embed - Access Bypass
CVE-2012-2723 SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
CVE-2012-2724 SA-CONTRIB-2012-095 - Simplenews - Information Disclosure
CVE-2012-2725 SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)
CVE-2012-2726 SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS)
CVE-2012-2727 SA-CONTRIB-2012-098 - Janrain Capture - Open Redirect
CVE-2012-2728 SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
CVE-2012-2729 SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
CVE-2012-2730 SA-CONTRIB-2012-101 - Protected Node - Access Bypass
CVE-2012-2731 SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID
CVE-2012-2732 SA-CONTRIB-2012-103 - Global Redirect - Open Redirect

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993