[Secure-testing-commits] r27870 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jul 22 05:17:21 UTC 2014
Author: jmm
Date: 2014-07-22 05:17:21 +0000 (Tue, 22 Jul 2014)
New Revision: 27870
Modified:
data/CVE/list
Log:
moodle updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-22 04:34:49 UTC (rev 27869)
+++ data/CVE/list 2014-07-22 05:17:21 UTC (rev 27870)
@@ -3290,57 +3290,65 @@
CVE-2014-3553 [Forum group posting issue]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
CVE-2014-3552 [Identity confusion in Shibboleth authentication]
RESERVED
- - moodle <unfixed>
+ - moodle 2.6.1-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
- TODO: check unstable, might be unaffected as advisory says Versions affected: 2.5 to 2.5.6, 2.4 to 2.4.10 and earlier unsupported versions
CVE-2014-3551 [Cross-site scripting in advanced grading methods]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
CVE-2014-3550 [Cross-site scripting though scheduled task error messages]
RESERVED
- - moodle <unfixed>
+ - moodle <not-affected> (Only affects 2.7.x)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227
- TODO: check, only affects 2.7?
CVE-2014-3549 [Cross-site scripting through logs of failed logins]
RESERVED
- - moodle <unfixed>
+ - moodle <not-affected> (Only affects 2.7.x)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
- TODO: check, only affects 2.7?
CVE-2014-3548 [Cross-site scripting vulnerability in exception dialogues]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
CVE-2014-3547 [Cross-site scripting possible in external badges]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
CVE-2014-3546 [Information leak in profile and notes pages]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
CVE-2014-3545 [Remote code execution in Quiz]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
CVE-2014-3544 [Cross-site scripting vulnerability in profile field]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
CVE-2014-3543 [XML External Entity vulnerability in IMSCC and IMSCP]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
CVE-2014-3542 [XML External Entity vulnerability in LTI module]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
CVE-2014-3541 [Code injection in Repositories]
RESERVED
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
CVE-2014-3540
REJECTED
More information about the Secure-testing-commits
mailing list