Date: Wed, 4 Feb 2009 13:05:20 +0000
From: Dan Poltawski <talktodan@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVS request - Moodle

Hi,

We have released new versions of Moodle which fix multiple
vulnerabilities without CVE numbers. These are detailed on:
http://moodle.org/security/

MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=184.108.40.206
http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=220.127.116.11&r2=18.104.22.168

MSA-09-0006: Calendar export may allow brute force attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=22.214.171.124&r2=126.96.36.199

MSA-09-0007: Missing input validation in logs allows potential XSS attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

MSA-09-0008: CSRF vulnerability in forum code
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=188.8.131.52&r2=184.108.40.206
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=220.127.116.11
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=18.104.22.168&r2=22.214.171.124

thanks,
Dan Poltawski