[Secure-testing-commits] r10324 - in data: . CVE
atomo64-guest at alioth.debian.org
Fri Nov 7 03:30:12 UTC 2008
Author: atomo64-guest
Date: 2008-11-07 03:30:11 +0000 (Fri, 07 Nov 2008)
New Revision: 10324
Modified:
data/CVE/list
data/embedded-code-copies
Log:
New upload of moodle fixes most issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-07 03:00:23 UTC (rev 10323)
+++ data/CVE/list 2008-11-07 03:30:11 UTC (rev 10324)
@@ -291,7 +291,7 @@
TODO: check
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
- smarty <unfixed> (bug #504328)
- - moodle <unfixed> (bug #504345)
+ - moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
NOTE: this issue is SA32329
NOTE: trying to clarify on oss-sec, why there are two CVEs
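Review bot: the new "- moodle 1.8.2-2 (bug #504345)" line marks CVE-2008-4811 as fixed in moodle while "- smarty <unfixed> (bug #504328)" directly above it stays open, and nothing in the entry says how moodle was fixed. The same commit sets the smarty line for moodle in data/embedded-code-copies to 1.8.2-2, so if the fix is that moodle no longer ships its own copy, add a NOTE line saying so; otherwise a reader cannot tell whether moodle carries a patch that smarty lacks.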
@@ -365,7 +365,7 @@
NOTE: mediamate does not use snoopy in https requests
- opendb <unfixed> (bug #504173)
- wordpress 2.5.1-9 (bug #504234)
- - moodle <unfixed> (bug #504235)
+ - moodle 1.8.2-2 (bug #504235)
- gforge-plugin-scmcvs <removed>
[etch] - gforge-plugin-scmcvs <unfixed> (bug #504258)
- magpierss <not-affected> (Fixed in all supported distributions)
@@ -4215,7 +4215,7 @@
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...)
- - moodle <unfixed> (low; bug #492492)
+ - moodle 1.8.2-2 (low; bug #492492)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
- moodle <unfixed> (unimportant)
@@ -21105,6 +21105,7 @@
[etch] - flyspray <not-affected> (Vulnerable code not)
[sarge] - flyspray <not-affected> (Vulnerable code not included)
- moodle <not-affected> (Doesn't affect moodle per maintainer)
+ [lenny] - moodle 1.8.2-2 (bug #429190)
- owl-dms 0.94-2 (bug #429197)
- knowledgeroot 0.9.8.2-2 (bug #429196)
[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
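Review bot: the added "[lenny] - moodle 1.8.2-2 (bug #429190)" sits directly under "- moodle <not-affected> (Doesn't affect moodle per maintainer)", so the entry now says both that moodle is not affected and that a fix landed in 1.8.2-2. Every other hunk in this commit replaces the unreleased "- moodle <unfixed>" line with the version; here a release-tagged line is added instead and the not-affected line is kept. Either replace the not-affected line with "- moodle 1.8.2-2 (bug #429190)" if the maintainer's assessment was wrong, or drop the new line, and in both cases add a NOTE explaining which assessment holds.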
@@ -23251,7 +23252,7 @@
NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
- smarty <unfixed> (unimportant; bug #488523)
- - moodle <unfixed> (unimportant; bug #488525)
+ - moodle 1.8.2-2 (unimportant; bug #488525)
- gallery2 2.2.5-2 (unimportant; bug #488527)
NOTE: this is a non-issue
NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2008-11-07 03:00:23 UTC (rev 10323)
+++ data/embedded-code-copies 2008-11-07 03:30:11 UTC (rev 10324)
@@ -293,7 +293,7 @@
- moodle <unfixed> (embed)
smarty:
- - moodle <unfixed> (embed; bug #471158)
+ - moodle 1.8.2-2 (embed; bug #471158)
- gallery2 2.2.5-2 (embed; bug #471160)
- mahara 0.9.2-2 (embed; bug #471201)
- gosa 2.4beta1-1 (embed; bug #471200)
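Review bot: the smarty line for moodle now records 1.8.2-2, but the context line above it, "- moodle <unfixed> (embed)", belongs to a different embedded library and stays open, and the log message "fixes most issues" does not say which ones remain. Please list the still-open moodle items in the log or confirm that the remaining embed was checked against 1.8.2-2, so the file can be trusted without re-auditing the upload.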