oss-sec mailing list archives
CVS request - Moodle
From: Dan Poltawski <talktodan () gmail com>
Date: Wed, 4 Feb 2009 13:05:20 +0000
Hi,

We have released new versions of Moodle which fix multiple vulnerabilities without CVE numbers. These are detailed on: http://moodle.org/security/

MSA-09-0004 - XSS vulnerabilities in HTML blocks if "Login as" used
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=1.6.10.1
http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=1.8.22.6&r2=1.8.22.7

MSA-09-0006: Calendar export may allow brute force attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/calendar/export_execute.php?r1=1.2.4.5&r2=1.2.4.6

MSA-09-0007: Missing input validation in logs allows potential XSS attacks
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

MSA-09-0008: CSRF vulnerability in forum code
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16

thanks,
Dan Poltawski