[Secure-testing-commits] r25287 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Jan 20 08:12:33 UTC 2014


Author: jmm
Date: 2014-01-20 08:12:33 +0000 (Mon, 20 Jan 2014)
New Revision: 25287

Modified:
   data/CVE/list
Log:
two moodle no-dsa, one needs further checks


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-20 07:42:55 UTC (rev 25286)
+++ data/CVE/list	2014-01-20 08:12:33 UTC (rev 25287)
@@ -3717,17 +3717,17 @@
 	RESERVED
 	- moodle <unfixed>
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
-	TODO: check which versions affected
+	TODO: check which versions affected, sesskey seems checked in oldstable?
 CVE-2014-0009 [Group constraints lacking in "login as"]
 	RESERVED
-	- moodle <unfixed>
+	- moodle <unfixed> (low)
+	[squeeze] - moodle <no-dsa> (Minor issue)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
-	TODO: check which versions affected
 CVE-2014-0008 [Config passwords visibility issue]
 	RESERVED
-	- moodle <unfixed>
+	- moodle <unfixed> (low)
+	[squeeze] - moodle <no-dsa> (Minor issue)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
-	TODO: check which versions affected
 CVE-2014-0007
 	RESERVED
 CVE-2014-0006 [Use constant time comparison in tempURL]




More information about the Secure-testing-commits mailing list