Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: Drupal Data-module multiple vulnerabilities
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:32:26 -0400 (EDT)

----- Original Message -----
These issues does not have CVE-identifiers. Could we get one?


I asked from Justin Klein Keane and he wasn't aware of CVE-identifier.
I think this needs identifier even this is an alpha release as this
module is used by some production instances. If I am correct two
identifiers should be enough. One for XSS and another for SQL

Discussion about the issue: http://drupal.org/node/1056470

Please use CVE-2011-2714 for the XSS.

CVE-2011-2715 is for the SQL injection.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]