[Secure-testing-commits] r8348 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sun Mar 16 16:28:31 UTC 2008
Author: thijs
Date: 2008-03-16 16:28:30 +0000 (Sun, 16 Mar 2008)
New Revision: 8348
Modified:
data/CVE/list
Log:
moodle not affected by this specific smarty bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-16 16:18:08 UTC (rev 8347)
+++ data/CVE/list 2008-03-16 16:28:30 UTC (rev 8348)
@@ -506,9 +506,10 @@
- phpqladmin <removed>
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
- smarty 2.6.18-1.1 (low; bug #469492)
- - moodle <unfixed> (low; bug #471158)
+ - moodle <not-affected> (low; bug #471158)
- gallery2 <unfixed> (low; bug #471160)
- mahara <unfixed> (low; bug #471201)
+ NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...)
NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...)
More information about the Secure-testing-commits
mailing list