[Secure-testing-commits] r25349 - data/CVE
Thijs Kinkhorst
thijs at moszumanska.debian.org
Fri Jan 24 10:32:08 UTC 2014
Author: thijs
Date: 2014-01-24 10:32:08 +0000 (Fri, 24 Jan 2014)
New Revision: 25349
Modified:
data/CVE/list
Log:
moodle 2 issues do not affect squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-24 09:56:40 UTC (rev 25348)
+++ data/CVE/list 2014-01-24 10:32:08 UTC (rev 25349)
@@ -4114,15 +4114,15 @@
RESERVED
CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- moodle 2.5.4-1
+ [squeeze] - moodle <not-affected> (Code correctly checks session key)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
- TODO: check which versions affected, sesskey seems checked in oldstable?
CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, ...)
- moodle 2.5.4-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x ...)
- moodle 2.5.4-1 (low)
- [squeeze] - moodle <no-dsa> (Minor issue)
+ [squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007
RESERVED
More information about the Secure-testing-commits
mailing list