oss-sec mailing list archives

Re: CVE request for Drupal Core and contributed modules

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 20 Feb 2013 22:54:29 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2013 09:42 PM, Forest Monsen wrote:

Hi Kurt,

Here's a request for CVE identifiers for several issues:


Top posting because I'm lazy

CVE-2013-0316 Drupal SA-CORE-2013-002 - Drupal core - Denial of service
CVE-2013-0317 Drupal SA-CONTRIB-2013-015 - Manager Change for Organic
Groups - Cross site scripting (XSS)
CVE-2013-0318 Drupal SA-CONTRIB-2013-016 - Banckle Chat - Access
bypass - Unsupported
CVE-2013-0319 Drupal SA-CONTRIB-2013-017 - Yandex.Metrics - Cross site
scripting (XSS)
CVE-2013-0320 Drupal SA-CONTRIB-2013-018 - Taxonomy Manager - Cross
Site Request Forgery (CSRF)
CVE-2013-0321 Drupal SA-CONTRIB-2013-019 - Ubercart Views - Cross site
scripting (XSS)
CVE-2013-0322 Drupal SA-CONTRIB-2013-020 - Ubercart - Cross site
scripting (XSS)
CVE-2013-0323 Drupal SA-CONTRIB-2013-021 - Display Suite - Cross Site
Scripting (XSS)
CVE-2013-0324 Drupal SA-CONTRIB-2013-022 - Menu Reference - Cross site
scripting (XSS)
CVE-2013-0325 Drupal SA-CONTRIB-2013-023 - Varnish module - Cross Site
Scripting (XSS)


SA-CORE-2013-002 - Drupal core - Denial of service 
http://drupal.org/SA-CORE-2013-002

SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross
site scripting (XSS) http://drupal.org/node/1916312

SA-CONTRIB-2013-016 - Banckle Chat - Access bypass - Unsupported 
http://drupal.org/node/1916370

SA-CONTRIB-2013-017 - Yandex.Metrics - Cross site scripting (XSS) 
http://drupal.org/node/1922400

SA-CONTRIB-2013-018 - Taxonomy Manager - Cross Site Request Forgery
(CSRF) http://drupal.org/node/1922410

SA-CONTRIB-2013-019 - Ubercart Views - Cross site scripting (XSS) 
http://drupal.org/node/1922416

SA-CONTRIB-2013-020 - Ubercart - Cross site scripting (XSS) 
http://drupal.org/node/1922418

SA-CONTRIB-2013-021 - Display Suite - Cross Site Scripting (XSS) 
http://drupal.org/node/1922438

SA-CONTRIB-2013-022 - Menu Reference - Cross site scripting (XSS) 
http://drupal.org/node/1922446

SA-CONTRIB-2013-023 - Varnish module - Cross Site Scripting (XSS) 
http://drupal.org/node/1922756

Thanks!

Forest



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRJbaVAAoJEBYNRVNeJnmTik8QAIKH1ZaO3ORx/UxP9ohCwkK+
gkjn1hftxSyo7/iGvyoaIBK8S2vRLvGgD2XjUWgVKxEahhtdxFbIeDZhM8XoMNiK
Zryi3E5mjBXWCk5yH65ILY75FTYzN568vlWoXy0yPOlIZ8GHqFpjXFnnm160aOql
c/Wo9uIvmAjl+b05WrNtirUpW2WNKOOxqDbKQcHsPrDhtsLfxCklhP0KmwtF6L9K
vI6Vtf+35vA0ELfM0VtZUBgSjtJQbBGqYcHwSCkQh6SHbZegYBr+f1Eqx8VpyGLz
M+n99G8CzND4BAnppin6LCueDSUIuiLgbHysVyaKbJ9L7cxb4XdKtYS9sgmil3Wa
8fEPvimiHNCRBDS2znBQomHKZXI2yf6+K+8/uKyG43D7AA7FK8Iqp+SwJX3iQ9m2
z5svQJe8QeE6vjQfZM8fb4rq4tPpLrx9mdIsRI2k5CkOC+sZ/Cs0dF7SkZp6i208
Qqa+9wzzp1FcmCWVNCypLk5Sqly3iuHUmU6FDYp3nfAncOJUY7Vt0NjYF9HhvPRp
CnW1uFoV1N28hgAqewd0mIr3kUuzZaJ4bovzc/KcJziWKcwMbKyEx+UeGkzwUJFu
fJqcqwvZh0d2zBtOlGAvqTSUx1wV1GTpPaG+qaUInXO+npvk5oSppm1EHns4dO4a
bnA1je31AzdvK3IAyt6M
=hOl8
-----END PGP SIGNATURE-----

Current thread:

CVE request for Drupal Core and contributed modules Forest Monsen (Feb 20)
- Re: CVE request for Drupal Core and contributed modules Kurt Seifried (Feb 20)