Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <EB7899C0-F95C-4474-8881-4ADFA048D866@brauerranch.com>
Date: Wed, 3 Oct 2012 18:06:22 -0600
From: Joshua Brauer <joshua@...uerranch.com>
To: kseifried@...hat.com,
 oss-security@...ts.openwall.com
Subject: CVE Request for Drupal Contributed Modules


This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal project.

http://drupal.org/node/1649346 | SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
http://drupal.org/node/1663306 | SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)
http://drupal.org/node/1679412 | SA-CONTRIB-2012-106 - Listhandler - Access Bypass
http://drupal.org/node/1679422 | SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Scripting
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Access bypass
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Request Forgery
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - SQL Injection
http://drupal.org/node/1679466 | SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
http://drupal.org/node/1679486 | SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)
http://drupal.org/node/1679532 | SA-CONTRIB-2012-111 - Security Questions - Access Bypass

Thanks,
Josh - on behalf of the Drupal security team.




Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.