[Secure-testing-commits] r25284 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jan 20 05:36:13 UTC 2014


Author: carnil
Date: 2014-01-20 05:36:13 +0000 (Mon, 20 Jan 2014)
New Revision: 25284

Modified:
   data/CVE/list
Log:
Add moodle issues, with todo for affected versions check

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-19 21:12:01 UTC (rev 25283)
+++ data/CVE/list	2014-01-20 05:36:13 UTC (rev 25284)
@@ -3709,12 +3709,21 @@
 	NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
 CVE-2014-0011
 	RESERVED
-CVE-2014-0010
+CVE-2014-0010 [Cross-site request forgery vulnerability in profile fields]
 	RESERVED
-CVE-2014-0009
+	- moodle <unfixed>
+	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
+	TODO: check which versions affected
+CVE-2014-0009 [Group constraints lacking in "login as"]
 	RESERVED
-CVE-2014-0008
+	- moodle <unfixed>
+	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
+	TODO: check which versions affected
+CVE-2014-0008 [Config passwords visibility issue]
 	RESERVED
+	- moodle <unfixed>
+	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
+	TODO: check which versions affected
 CVE-2014-0007
 	RESERVED
 CVE-2014-0006 [Use constant time comparison in tempURL]




More information about the Secure-testing-commits mailing list