oss-sec mailing list archives

Re: CVE request for Drupal contributed modules

From: Henri Salo <henri () nerv fi>
Date: Mon, 20 Jan 2014 18:18:48 +0200

On Mon, Jan 20, 2014 at 03:30:34AM -0800, Forest Monsen wrote:

Hi there, I'd like to request CVE identifiers for:

SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
https://drupal.org/node/2158651

SA-CONTRIB-2014-001 - Entity API - Access Bypass
https://drupal.org/node/2169595

SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
https://drupal.org/node/2173321

Thanks!

Best,
Forest


https://drupal.org/node/2169595 already has CVEs:

CVE-2014-1398 (Comment, User and Node Statistics property access bypass)
CVE-2014-1399 (Entity list property access bypass)
CVE-2014-1400 (Unpublished comments access bypass)

As far as I know SA-CONTRIB-2013-098 and SA-CONTRIB-2014-002 are still missing
CVEs.

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request for Drupal contributed modules Forest Monsen (Jan 20)
- Re: CVE request for Drupal contributed modules Henri Salo (Jan 20)
- Re: CVE request for Drupal contributed modules cve-assign (Jan 20)
  - Re: CVE request for Drupal contributed modules Forest Monsen (Jan 20)