[Secure-testing-commits] r25287 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 20 08:12:33 UTC 2014
Author: jmm
Date: 2014-01-20 08:12:33 +0000 (Mon, 20 Jan 2014)
New Revision: 25287
Modified:
data/CVE/list
Log:
two moodle no-dsa, one needs further checks
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-20 07:42:55 UTC (rev 25286)
+++ data/CVE/list 2014-01-20 08:12:33 UTC (rev 25287)
@@ -3717,17 +3717,17 @@
RESERVED
- moodle <unfixed>
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
- TODO: check which versions affected
+ TODO: check which versions affected, sesskey seems checked in oldstable?
CVE-2014-0009 [Group constraints lacking in "login as"]
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (low)
+ [squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
- TODO: check which versions affected
CVE-2014-0008 [Config passwords visibility issue]
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (low)
+ [squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
- TODO: check which versions affected
CVE-2014-0007
RESERVED
CVE-2014-0006 [Use constant time comparison in tempURL]
More information about the Secure-testing-commits
mailing list