Date: Wed, 4 Feb 2009 13:05:20 +0000
From: Dan Poltawski <talktodan@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVS request - Moodle

Hi,

We have released new versions of Moodle which fix multiple vulnerabilities
without CVE numbers. These are detailed on: http://moodle.org/security/

MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=220.127.116.11
http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=18.104.22.168&r2=22.214.171.124

MSA-09-0006: Calendar export may allow brute force attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=126.96.36.199&r2=188.8.131.52

MSA-09-0007: Missing input validation in logs allows potential XSS attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

MSA-09-0008: CSRF vulnerability in forum code
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=184.108.40.206&r2=220.127.116.11
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=18.104.22.168
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=22.214.171.124&r2=126.96.36.199

thanks,
Dan Poltawski