oss-sec mailing list archives
Re: Moodle security notifications public
From: cve-assign () mitre org
Date: Fri, 21 Mar 2014 21:35:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MSA-14-0004: Incorrect filtering in Quiz CVE identifier: Pending
This is assigned CVE-2014-2571.
MSA-14-0008: Cross site scripting potential in Flowplayer CVE identifier: Pending
This is assigned CVE-2013-7341. As far as we know, the relevant Flowplayer upstream references are: http://flash.flowplayer.org/documentation/version-history.html https://github.com/flowplayer/flash/issues/121 and the first fixed upstream version was 3.2.17 (but 3.2.18 is preferable for usability reasons).
MSA-14-0013: Unfiltered data used in Assignment web services CVE identifier: Pending
This is assigned CVE-2014-2572. These should be available soon: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2571 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7341 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2572 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTLOdPAAoJEKllVAevmvmsLzUH/0BgYc8195oRg/NfrunnGcMw j0eXA0uBDry3Brhj2j4yExP2DdpAyEs9x3/sLGH9PgdxCmsx4UeICoW9q5S7YhY6 mC018aqO/IXm56vrBg1YYF9FWE6A6vUQKLZ6uvBwKaz9/8v3OMpRizCxYO429t9W Qa2JxllxCoerY15OIRZ9evvG502XM7luXZ+EIhybqRRI7lCDkKeNFK6Ix7dZxttE 4PuxiB/MUGxYLlwl4OORvrqPlMQpv3+j7MPRVh+5YvRel+pGSSj3wQc5fFxdp0ZX 5howdAY1E2Oes4R5K0yPYi2bZTiLbzR30KlPuPK9LeeAbI255PwaHw5u6CP2Nvw= =1vea -----END PGP SIGNATURE-----
Current thread:
- Moodle security notifications public Michael de Raadt (Jan 19)
- <Possible follow-ups>
- Moodle security notifications public Michael de Raadt (Mar 16)
- Re: Moodle security notifications public cve-assign (Mar 21)