[Secure-testing-commits] r31551 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jan 20 16:24:38 UTC 2015
Author: jmm
Date: 2015-01-20 16:24:38 +0000 (Tue, 20 Jan 2015)
New Revision: 31551
Modified:
data/CVE/list
Log:
moodle bugs, should clear the "unreported" view significantly
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-20 16:16:22 UTC (rev 31550)
+++ data/CVE/list 2015-01-20 16:24:38 UTC (rev 31551)
@@ -3889,7 +3889,7 @@
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6)
CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
NOTE: https://moodle.org/mod/forum/discuss.php?d=275146
@@ -4184,42 +4184,42 @@
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0218
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278618#p1196684
CVE-2015-0217
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278617#p1196683
CVE-2015-0216
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278616#p1196682
CVE-2015-0215
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278615#p1196681
CVE-2015-0214
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278614#p1196680
CVE-2015-0213
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278613#p1196679
CVE-2015-0212
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278612#p1196678
CVE-2015-0211
RESERVED
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
CVE-2015-0210
@@ -7560,19 +7560,19 @@
CVE-2014-7849
RESERVED
CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287
CVE-2014-7847 (iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
CVE-2014-7846 (tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
CVE-2014-7845 (The generate_password function in Moodle through 2.4.11, 2.5.x before ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
CVE-2014-7844
@@ -7609,39 +7609,39 @@
- resteasy 3.0.6-2 (bug #770544)
NOTE: https://issues.jboss.org/browse/RESTEASY-1130
CVE-2014-7838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019
CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868
CVE-2014-7834 (mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303
CVE-2014-7833 (mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697
CVE-2014-7832 (mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
CVE-2014-7831 (lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47766
CVE-2014-7830 (Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
CVE-2014-7829 (Directory traversal vulnerability in ...)
@@ -16194,7 +16194,7 @@
{DSA-3017-1}
- php-cas 1.3.3-1 (bug #759718)
NOTE: https://github.com/Jasig/phpCAS/pull/125
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...)
@@ -17582,7 +17582,7 @@
CVE-2014-3619
RESERVED
CVE-2014-3617 (The forum_print_latest_discussions function in mod/forum/lib.php in ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ...)
@@ -17875,7 +17875,7 @@
CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp ...)
- libndp 1.4-1 (bug #756389)
CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
CVE-2014-3552 (The Shibboleth authentication plugin in auth/shibboleth/index.php in ...)
@@ -17883,7 +17883,7 @@
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -17893,35 +17893,35 @@
- moodle <not-affected> (Only affects 2.7.x)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
CVE-2014-3540
@@ -22050,7 +22050,7 @@
CVE-2014-2054 (PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and ...)
- owncloud 6.0.2+dfsg-1
- dolibarr 3.5.3+dfsg1-1
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: dolibarr removed phpexcel in 3.5.3+dfsg1-1 / #729538
NOTE: moodle also contain a copy of PHPExcel
@@ -37154,7 +37154,7 @@
CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to ...)
NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
- - moodle <unfixed>
+ - moodle <unfixed> (bug #775842)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
@@ -114696,7 +114696,7 @@
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
- moodle <unfixed> (unimportant)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
- NOTE: Does not allow any attack vendors, apart from gaining non-sensible information
+ NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
- mantis 1.1.2+dfsg-1 (low)
NOTE: http://www.mantisbt.org/bugs/changelog_page.php
More information about the Secure-testing-commits
mailing list