Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 1 Nov 2010 16:38:59 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: moodle 1.9.10


----- "Ludwig Nussel" <ludwig.nussel@...e.de> wrote:

> Hi,
> 
> Moodle 1.9.10 is a security update again:
> http://docs.moodle.org/en/Moodle_1.9.10_release_notes
> 

This appears to be these things:

* MSA-10-0017 XSS vulnerability in YUI 2.4.0 through YUI 2.8.1
    Use CVE-2010-3866 for this.

* MSA-10-0016 Multiple phpCAS library vulnerabilities
    This seems to have CVE ids

* MSA-10-0015 Customised HTML Purifier upgraded to 4.2.0 
* MSA-10-0014 Customised phpMyAdmin upgraded to 2.11.11 

These two have no real information I can see. They just say to upgrade the
upstream version. Does anyone have more information (I can't follow the
link to the tracker).

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.