Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Feb 2009 13:05:20 +0000
From: Dan Poltawski <talktodan@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVS request - Moodle

Hi,

We have released new versions of Moodle which fixes multiple vulnerabilities 
without CVE numbers.

These are detailed on: http://moodle.org/security/

MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 
http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=1.6.10.1
http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=1.8.22.6&r2=1.8.22.7

MSA-09-0006: Calendar export may allow brute force attacks 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7 
http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=1.2.4.5&r2=1.2.4.6

MSA-09-0007: Missing input validation in logs allows potential XSS attacks 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

MSA-09-0008: CSRF vulnerability in forum code 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7 
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16

thanks,

Dan Poltawski

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ