[Secure-testing-commits] r27870 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jul 22 05:17:21 UTC 2014 

Author: jmm
Date: 2014-07-22 05:17:21 +0000 (Tue, 22 Jul 2014)
New Revision: 27870

Modified:
   data/CVE/list
Log:
moodle updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-22 04:34:49 UTC (rev 27869)
+++ data/CVE/list	2014-07-22 05:17:21 UTC (rev 27870)
@@ -3290,57 +3290,65 @@
 CVE-2014-3553 [Forum group posting issue]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
 CVE-2014-3552 [Identity confusion in Shibboleth authentication]
 	RESERVED
-	- moodle <unfixed>
+	- moodle 2.6.1-1
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
-	TODO: check unstable, might be unaffected as advisory says Versions affected: 2.5 to 2.5.6, 2.4 to 2.4.10 and earlier unsupported versions
 CVE-2014-3551 [Cross-site scripting in advanced grading methods]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
 CVE-2014-3550 [Cross-site scripting though scheduled task error messages]
 	RESERVED
-	- moodle <unfixed>
+	- moodle <not-affected> (Only affects 2.7.x)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227
-	TODO: check, only affects 2.7?
 CVE-2014-3549 [Cross-site scripting through logs of failed logins]
 	RESERVED
-	- moodle <unfixed>
+	- moodle <not-affected> (Only affects 2.7.x)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
-	TODO: check, only affects 2.7?
 CVE-2014-3548 [Cross-site scripting vulnerability in exception dialogues]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
 CVE-2014-3547 [Cross-site scripting possible in external badges]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
 CVE-2014-3546 [Information leak in profile and notes pages]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
 CVE-2014-3545 [Remote code execution in Quiz]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
 CVE-2014-3544 [Cross-site scripting vulnerability in profile field]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
 CVE-2014-3543 [XML External Entity vulnerability in IMSCC and IMSCP]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
 CVE-2014-3542 [XML External Entity vulnerability in LTI module]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
 CVE-2014-3541 [Code injection in Repositories]
 	RESERVED
 	- moodle <unfixed>
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
 CVE-2014-3540
 	REJECTED

More information about the Secure-testing-commits mailing list