[Secure-testing-commits] r7953 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Jan 17 19:47:19 UTC 2008


Author: nion
Date: 2008-01-17 19:47:08 +0000 (Thu, 17 Jan 2008)
New Revision: 7953

Modified:
   data/CVE/list
Log:
moodle non-issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-17 16:40:54 UTC (rev 7952)
+++ data/CVE/list	2008-01-17 19:47:08 UTC (rev 7953)
@@ -377,7 +377,10 @@
 CVE-2008-0124
 	RESERVED
 CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
-	TODO: check
+	- moodle <unfixed> (unimportant)
+	NOTE: the issue itself has a quite small attack vector
+	NOTE: and considering that the apache configuration that comes
+	NOTE: with moodle limits connections to localhost this is no issue
 CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...)
 	- kfreebsd-5 <not-affected>
 	- kfreebsd-6 <unfixed>




More information about the Secure-testing-commits mailing list