Date: Mon, 7 Nov 2011 19:46:19 +0200
From: Henri Salo <>
Subject: Fwd: DSA 2338-1 moodle security update

Has someone requested CVE-identifiers for these already?

- Henri

----- Forwarded message from Moritz Muehlenhoff <> -----

Date: Mon, 7 Nov 2011 18:18:55 +0100
From: Moritz Muehlenhoff <>
Subject: [Full-disclosure] [SECURITY] [DSA 2338-1] moodle security update
User-Agent: Mutt/1.5.21 (2010-09-15)

Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2338-1                                 Moritz Muehlenhoff
November 07, 2011            
- -------------------------------------------------------------------------

Package        : moodle
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available

Several cross-site scripting and information disclosure issues have
been fixed in Moodle, a course management system for online learning:

* MSA-11-0020 Continue links in error messages can lead offsite
* MSA-11-0024 Recaptcha images were being authenticated from an older 
* MSA-11-0025 Group names in user upload CSV not escaped
* MSA-11-0026 Fields in user upload CSV not escaped
* MSA-11-0031 Forms API constant issue
* MSA-11-0032 MNET SSL validation issue
* MSA-11-0036 Messaging refresh vulnerability
* MSA-11-0037 Course section editing injection vulnerability
* MSA-11-0038 Database injection protection strengthened

For the stable distribution (squeeze), this problem has been fixed in
version 1.9.9.dfsg2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.9.dfsg2-4.

We recommend that you upgrade your moodle packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Mailing list:
Version: GnuPG v1.4.11 (GNU/Linux)


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

----- End forwarded message -----
