[Secure-testing-commits] r25284 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 20 05:36:13 UTC 2014
Author: carnil
Date: 2014-01-20 05:36:13 +0000 (Mon, 20 Jan 2014)
New Revision: 25284
Modified:
data/CVE/list
Log:
Add moodle issues, with todo for affected versions check
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-19 21:12:01 UTC (rev 25283)
+++ data/CVE/list 2014-01-20 05:36:13 UTC (rev 25284)
@@ -3709,12 +3709,21 @@
NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011
RESERVED
-CVE-2014-0010
+CVE-2014-0010 [Cross-site request forgery vulnerability in profile fields]
RESERVED
-CVE-2014-0009
+ - moodle <unfixed>
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
+ TODO: check which versions affected
+CVE-2014-0009 [Group constraints lacking in "login as"]
RESERVED
-CVE-2014-0008
+ - moodle <unfixed>
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
+ TODO: check which versions affected
+CVE-2014-0008 [Config passwords visibility issue]
RESERVED
+ - moodle <unfixed>
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
+ TODO: check which versions affected
CVE-2014-0007
RESERVED
CVE-2014-0006 [Use constant time comparison in tempURL]
More information about the Secure-testing-commits
mailing list