Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Mar 2014 21:35:53 -0400 (EDT)
From: cve-assign@...re.org
To: michaeld@...dle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Moodle security notifications public

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> MSA-14-0004: Incorrect filtering in Quiz
> CVE identifier:    Pending

This is assigned CVE-2014-2571.


> MSA-14-0008: Cross site scripting potential in Flowplayer
> CVE identifier:    Pending

This is assigned CVE-2013-7341. As far as we know, the relevant
Flowplayer upstream references are:

  http://flash.flowplayer.org/documentation/version-history.html
  https://github.com/flowplayer/flash/issues/121

and the first fixed upstream version was 3.2.17 (but 3.2.18 is
preferable for usability reasons).


> MSA-14-0013: Unfiltered data used in Assignment web services
> CVE identifier:    Pending

This is assigned CVE-2014-2572.


These should be available soon:

  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2571
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7341
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2572

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTLOdPAAoJEKllVAevmvmsLzUH/0BgYc8195oRg/NfrunnGcMw
j0eXA0uBDry3Brhj2j4yExP2DdpAyEs9x3/sLGH9PgdxCmsx4UeICoW9q5S7YhY6
mC018aqO/IXm56vrBg1YYF9FWE6A6vUQKLZ6uvBwKaz9/8v3OMpRizCxYO429t9W
Qa2JxllxCoerY15OIRZ9evvG502XM7luXZ+EIhybqRRI7lCDkKeNFK6Ix7dZxttE
4PuxiB/MUGxYLlwl4OORvrqPlMQpv3+j7MPRVh+5YvRel+pGSSj3wQc5fFxdp0ZX
5howdAY1E2Oes4R5K0yPYi2bZTiLbzR30KlPuPK9LeeAbI255PwaHw5u6CP2Nvw=
=1vea
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ