Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1933458419.1381551277757458425.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 28 Jun 2010 16:37:38 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request -- Drupal v6.16 / v5.22
 SA-CORE-2010-001

As best as I can tell, none of these have CVE ids. (sorry for missing these)

Here goes.

----- "Henri Salo" <henri@...v.fi> wrote:

> On Mon, 08 Mar 2010 20:36:55 +0100
> Jan Lieskovsky <jlieskov@...hat.com> wrote:
> 
> > Hi Steve, vendors,
> > 
> >    multiple security issues have been addressed within
> > SA-CORE-2010-001:
> > 
> > * Installation cross site scripting

CVE-2010-2250

> > * Open redirection

CVE-2010-2471

> > * Locale module cross site scripting

CVE-2010-2472

> > * Blocked user session regeneration

CVE-2010-2473

> > References:
> >    [1] http://drupal.org/node/731710
> >    [2]
> > http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036472.html

> > [3]
> > http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036619.html

> > [4]
> > http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036583.html

> > 
> > Could you allocate CVE ids for these?
> > 
> 
> Did this get CVE-identifiers?
> 

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.