Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request for Drupal Contributed Modules
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 20 Nov 2012 13:35:32 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/17/2012 10:29 PM, Forest Monsen wrote:
Hello!

Here's a batch CVE request for a number of previously published
and resolved issues with contributed modules for the Drupal
project. As noted in
http://www.openwall.com/lists/oss-security/2012/11/05/4, I have
volunteered to coordinate our CVE requests.

Forest Monsen, on behalf of the Drupal Security Team

Please see bottom of email for CVEs

- SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code
execution http://drupal.org/node/1789284

- SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting
(XSS) http://drupal.org/node/1789306

- SA-CONTRIB-2012-148 - Organic Groups - Access Bypass 
http://drupal.org/node/1796036

- SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS) 
http://drupal.org/node/1802218

- SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS) 
http://drupal.org/node/1802230

- SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request 
Forgery http://drupal.org/node/1802258

- SA-CONTRIB-2012-152 - Feeds - Access bypass 
http://drupal.org/node/1808832

- SA-CONTRIB-2012-153 - Mandrill - Information Disclosure 
http://drupal.org/node/1808846

- SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting 
http://drupal.org/node/1808852

- SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure 
http://drupal.org/node/1808852

- SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS) 
http://drupal.org/node/1808856

- SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery
(CSRF) http://drupal.org/node/1815770

- SA-CONTRIB-2012-157 - Time Spent - Cross Site Scripting (XSS) 
http://drupal.org/node/1822066

- SA-CONTRIB-2012-157 - Time Spent - Cross Site Request Forgery
(CSRF) http://drupal.org/node/1822066

- SA-CONTRIB-2012-157 - Time Spent - SQL Injection 
http://drupal.org/node/1822066

- SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS) 
http://drupal.org/node/1822166

- SA-CONTRIB-2012-159 - Password policy - Information disclosure 
http://drupal.org/node/1828340

- SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS) 
http://drupal.org/node/1834866

- SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access
Bypass http://drupal.org/node/1834868

- SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request 
forgery (CSRF) http://drupal.org/node/1840740

- SA-CONTRIB-2012-163 - User Read-Only - Permission escalation 
http://drupal.org/node/1840886

- SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross
Site Scripting (XSS) http://drupal.org/node/1840892

- SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site 
Scripting (XSS) http://drupal.org/node/1840992

Please use the following:

CVE-2012-5537 Drupal SA-CONTRIB-2012-146
CVE-2012-5538 Drupal SA-CONTRIB-2012-147
CVE-2012-5539 Drupal SA-CONTRIB-2012-148
CVE-2012-5540 Drupal SA-CONTRIB-2012-149
CVE-2012-5541 Drupal SA-CONTRIB-2012-150
CVE-2012-5542 Drupal SA-CONTRIB-2012-151
CVE-2012-5543 Drupal SA-CONTRIB-2012-152
CVE-2012-5544 Drupal SA-CONTRIB-2012-153
CVE-2012-5545 Drupal SA-CONTRIB-2012-155 XSS
CVE-2012-5546 Drupal SA-CONTRIB-2012-155 Information Disclosure
CVE-2012-5547 Drupal SA-CONTRIB-2012-156
CVE-2012-5548 Drupal SA-CONTRIB-2012-157 XSS
CVE-2012-5549 Drupal SA-CONTRIB-2012-157 CSRF
CVE-2012-5550 Drupal SA-CONTRIB-2012-157 SQL Injection
CVE-2012-5551 Drupal SA-CONTRIB-2012-158
CVE-2012-5552 Drupal SA-CONTRIB-2012-159
CVE-2012-5553 Drupal SA-CONTRIB-2012-160
CVE-2012-5554 Drupal SA-CONTRIB-2012-161
CVE-2012-5556 Drupal SA-CONTRIB-2012-162
CVE-2012-5557 Drupal SA-CONTRIB-2012-163
CVE-2012-5558 Drupal SA-CONTRIB-2012-164
CVE-2012-5559 Drupal SA-CONTRIB-2012-165

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQq+mUAAoJEBYNRVNeJnmTMTwP/0aGGaza6YomFJs55tOYR0Ro
IbaqollVILrYeXOnAg9mVkeGAUJWkx1VNJh6K/SIhAWZF1Diy4evBuT+FwHjq5uy
rKwARLQ8BS62qnxLfSX/cXwQpCxk1jzbV9voiqKJkcsNxPz+1bfQxcD+qIocOCrg
zn4+RAtEdOeHCd0rL+nEnt2pQTk3EeSx7paGC6JhMtiFksXY06QdgKYZac3AbPII
MsysTKPJso3RfDHJc7i0v4fiTUn7HgzIU8UUPdkhPdMJ2Y/HXxdxJnzRhgnNlNkp
XZWc9ifLxHGlZlDBDspMjcpgX/4B90akeq2gtCKxZXlYZO31VOAv8eE2w9xKhOB6
v/0O6D+iT+4mThNjcSaQy1+3WVXyO2pG8zh/kMXWsWF0ZjSPgxQtuLzSpCFkDeu5
iDVmrKT6cquuC6ae8O2FAk9mhlSftE4noS5yNETzm5i2130YUM2KcabXjzJsutHo
lhFppm5pLXUrhsf4ukW1dF1AuMqSER7+NZLJ4APOuctkAdLz5C/jRjlx3k9OzCM5
M/xcKQmgXLlvc5+LS6oqxgv9UL60DNpNrigfuqeMhSqQXKxhT0XJ8K4EW7lc/pJE
gMODwy7LswyzwtQuZWkh0vMCqMoWDfL/8GdWxoEDrz2pTDYAwr0YsqV38+iwF+CC
+ueqh5siyTISyiGn30hy
=9r93
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]