Message-ID: <CAMYtjAoxMAWLS9nQHu4gbtJzHypgORmrAcQKd6JYAvSTA=OmOw@mail.gmail.com>
Date: Sat, 24 Oct 2015 18:45:21 +0200
From: Pere Orga <pere@...a.cat>
To: CVE ID Requests <cve-assign@...re.org>
Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, 
	Drupal Security Team <security@...pal.org>, "Evans, Jonathan L." <jevans@...re.org>
Subject: Re: CVE Requests for Drupal contributed modules (from
 SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156)

On Wed, Oct 21, 2015 at 1:50 PM, Evans, Jonathan L. <jevans@...re.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> CVE IDs were assigned by MITRE to most of the vulnerabilities in
> SA-CONTRIB-2015-132 through SA-CONTRIB-2015-151 before this request was made.
> To help avoid duplicates, we request that you check the existing IDs before
> asking for a new one.

Ok, sorry for that.

[..]

>> SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)
>> https://www.drupal.org/node/2546174
>
> The advisory is not clear whether the vulnerability is in the unnamed Javascript
> library or the Compass Rose module.  If the former, we need to know the name of
> the library to ensure we do not issue a duplicate ID.
>

The vulnerability is in the Compass Rose module, not in the
jQueryRotate library.

Thanks

Regards
Pere
