Message-ID: <20140120161848.GB18661@kludge.henri.nerv.fi>
Date: Mon, 20 Jan 2014 18:18:48 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for Drupal contributed modules
On Mon, Jan 20, 2014 at 03:30:34AM -0800, Forest Monsen wrote:
> Hi there, I'd like to request CVE identifiers for:
>
> SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
> https://drupal.org/node/2158651
>
> SA-CONTRIB-2014-001 - Entity API - Access Bypass
> https://drupal.org/node/2169595
>
> SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
> https://drupal.org/node/2173321
>
> Thanks!
>
> Best,
> Forest

https://drupal.org/node/2169595 already has CVEs:

CVE-2014-1398 (Comment, User and Node Statistics property access bypass)
CVE-2014-1399 (Entity list property access bypass)
CVE-2014-1400 (Unpublished comments access bypass)

As far as I know SA-CONTRIB-2013-098 and SA-CONTRIB-2014-002 are still missing
CVEs.

---
Henri Salo