Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Jan 2012 11:33:31 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities

New moodle releases were made to fix a number of flaws (summarized
below).  Could CVEs be assigned to these?

[1] http://docs.moodle.org/dev/Moodle_2.2.1_release_notes
[2] http://docs.moodle.org/dev/Moodle_2.1.4_release_notes
[3] http://docs.moodle.org/dev/Moodle_2.0.7_release_notes
[4] http://docs.moodle.org/dev/Moodle_1.9.16_release_notes


MSA-12-0001: Recaptcha transmission consistency issue
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=b608b227bac4efba76da43dabe9bc2e32fb8fa32
Reference: http://moodle.org/mod/forum/discuss.php?d=194008


MSA-12-0002: Personal information leak
Affects: 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=36b0ddeed45d0751508dcd9fa50f17fda43bae54
Reference: http://moodle.org/mod/forum/discuss.php?d=194009


MSA-12-0003: Added password protection
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=aa30d3e8ce0dd41d3d0f7dae856beb180fed1f83
Reference: http://moodle.org/mod/forum/discuss.php?d=194011


MSA-12-0004: Added profile image security
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5
Reference: http://moodle.org/mod/forum/discuss.php?d=194012


MSA-12-0005: Encryption enhancement
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=98456628a24bba25d336860d38a45b5a4e3895da
Reference:  http://moodle.org/mod/forum/discuss.php?d=194013


MSA-12-0006: Additional email address validation
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572
Reference: http://moodle.org/mod/forum/discuss.php?d=194014


MSA-12-0007: Email injection prevention
Affects: 2.2, 2.1.x, 2.0.x, 1.9.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9
Reference: http://moodle.org/mod/forum/discuss.php?d=194015


MSA-12-0008: Unsynchronised access via tokens
Affects: 2.2, 2.1.x, 2.0.x
Fix: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
Reference: http://moodle.org/mod/forum/discuss.php?d=194016


MSA-12-0009: Role access issue
Affects: 2.2, 2.1.x
Fix: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29469
Reference: http://moodle.org/mod/forum/discuss.php?d=194017


MSA-12-0010: Unauthorised access to session key
Affects: 2.1.x, 2.0.x
Fix: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27334
Reference: http://moodle.org/mod/forum/discuss.php?d=194018


MSA-12-0011: Browser autofill password issue
Affects: 2.2, 2.1.x, 2.0.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=6e9989dbd3f261b2e1586ff77b0bf22fc7091485
Reference: http://moodle.org/mod/forum/discuss.php?d=194019


MSA-12-0012: Form validation issue
Affects: 2.2, 2.1.x
Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48
Reference: http://moodle.org/mod/forum/discuss.php?d=194020

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.