[Secure-testing-commits] r25349 - data/CVE

Thijs Kinkhorst thijs at moszumanska.debian.org
Fri Jan 24 10:32:08 UTC 2014


Author: thijs
Date: 2014-01-24 10:32:08 +0000 (Fri, 24 Jan 2014)
New Revision: 25349

Modified:
   data/CVE/list
Log:
moodle 2 issues do not affect squeeze


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-24 09:56:40 UTC (rev 25348)
+++ data/CVE/list	2014-01-24 10:32:08 UTC (rev 25349)
@@ -4114,15 +4114,15 @@
 	RESERVED
 CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	- moodle 2.5.4-1
+	[squeeze] - moodle <not-affected> (Code correctly checks session key)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
-	TODO: check which versions affected, sesskey seems checked in oldstable?
 CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, ...)
 	- moodle 2.5.4-1 (low)
 	[squeeze] - moodle <no-dsa> (Minor issue)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
 CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x ...)
 	- moodle 2.5.4-1 (low)
-	[squeeze] - moodle <no-dsa> (Minor issue)
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
 CVE-2014-0007
 	RESERVED
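Review bot: The `<not-affected>` justification added under CVE-2014-0010 ("Code correctly checks session key") does not record which scripts were checked, although the CVE description covers multiple CSRF vulnerabilities and the TODO it replaces was still phrased as a question ("sesskey seems checked in oldstable?"). A NOTE line naming the files examined in the squeeze version would let a later reader verify the conclusion. The same applies to CVE-2014-0008, where the status moves from `<no-dsa>` to `<not-affected>` (Vulnerable code not present): a short NOTE saying what is absent from lib/adminlib.php in squeeze would make the change auditable.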



