Date: Wed, 4 Feb 2009 13:05:20 +0000 From: Dan Poltawski <talktodan@...il.com> To: oss-security@...ts.openwall.com Subject: CVS request - Moodle Hi, We have released new versions of Moodle which fixes multiple vulnerabilities without CVE numbers. These are detailed on: http://moodle.org/security/ MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=18.104.22.168 http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=22.214.171.124&r2=126.96.36.199 MSA-09-0006: Calendar export may allow brute force attacks Versions affected: < 1.9.4, < 1.8.8, < 1.7.7 http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=188.8.131.52&r2=184.108.40.206 MSA-09-0007: Missing input validation in logs allows potential XSS attacks Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67 MSA-09-0008: CSRF vulnerability in forum code Versions affected: < 1.9.4, < 1.8.8, < 1.7.7 http://cvs.moodle.org/moodle/mod/forum/post.php?r1=220.127.116.11&r2=18.104.22.168 http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=22.214.171.124 http://cvs.moodle.org/moodle/mod/forum/post.php?r1=126.96.36.199&r2=188.8.131.52 thanks, Dan Poltawski [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ