Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABbbngAhkgEVTjf=Nt26zNJAhpemnAMG5uqoF9z8Ov6QRBwcvA@mail.gmail.com>
Date: Wed, 6 Nov 2013 10:32:37 -0800
From: Forest Monsen <forest.monsen@...il.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE request for Drupal contributed modules

On Sun, Nov 3, 2013 at 8:36 AM, Kurt Seifried <kseifried@...hat.com> wrote:

> > SA-CONTRIB-2013-083 - Quiz - Access Bypass
> > https://drupal.org/node/2123995 (This appears to me to be two
> > issues; an access bypass, and an access bypass leading to
> > information disclosure.)
>
> Yes, two issues, two reporters, so CVE SPLIT to two CVE's, I can't
> match the reporter to the issue though without more info, if you can
> post that in a follow up it'd be helpful to Mitre.
>

No problem. See below:


> Please use  CVE-2013-4500 for Drupal SA-CONTRIB-2013-083 - Quiz -
> Access Bypass in deleting quiz results
>

Reported by 'nirvanajyothi', https://drupal.org/user/252387

 Please use CVE-2013-4501 for Drupal SA-CONTRIB-2013-083 - Quiz -
> Access Bypass in viewing quiz results


Reported by 'Cat Hirst,' https://drupal.org/user/162748

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.