oss-sec mailing list archives

CVS request - Moodle


From: Dan Poltawski <talktodan () gmail com>
Date: Wed, 4 Feb 2009 13:05:20 +0000

Hi,

We have released new versions of Moodle which fix multiple vulnerabilities
without CVE numbers.

These are detailed on: http://moodle.org/security/

MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 
http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=1.6.10.1
http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=1.8.22.6&r2=1.8.22.7

MSA-09-0006: Calendar export may allow brute force attacks 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7 
http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=1.2.4.5&r2=1.2.4.6

MSA-09-0007: Missing input validation in logs allows potential XSS attacks 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

MSA-09-0008: CSRF vulnerability in forum code 
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7 
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16

thanks,

Dan Poltawski

Attachment: signature.asc
Description: Digital signature