[Secure-testing-commits] r56545 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 9 17:11:47 UTC 2017
Author: carnil
Date: 2017-10-09 17:11:47 +0000 (Mon, 09 Oct 2017)
New Revision: 56545
Modified:
data/CVE/list
Log:
Mark moodle as removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-09 16:08:27 UTC (rev 56544)
+++ data/CVE/list 2017-10-09 17:11:47 UTC (rev 56545)
@@ -8462,10 +8462,10 @@
CVE-2017-12158
RESERVED
CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view details ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the "non-respondents" page in ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
CVE-2017-12155
RESERVED
@@ -22038,7 +22038,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=355556
CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
- moodle <not-affected> (Only affects 3.3)
@@ -22231,13 +22231,13 @@
CVE-2017-7492
REJECTED
CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=352355
CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=352354
CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...)
NOT-FOR-US: authconfig in Red Hat
@@ -22900,7 +22900,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
NOTE: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add ...)
- - moodle <unfixed> (unimportant)
+ - moodle <removed> (unimportant)
NOTE: http://www.daimacn.com/post/12.html
NOTE: https://tracker.moodle.org/browse/MDL-52038
NOTE: Not considered a security issue/bug upstream, disputed that it got a CVE
@@ -37100,7 +37100,7 @@
NOTE: https://tracker.moodle.org/browse/MDL-56526
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page. ...)
- - moodle <unfixed>
+ - moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=355554
CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences. ...)
- moodle 2.7.19+dfsg-1
@@ -212408,7 +212408,7 @@
- moodle 1.8.2-2 (low; bug #492492)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
- - moodle <unfixed> (unimportant)
+ - moodle <removed> (unimportant)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
@@ -242124,7 +242124,7 @@
- phppgadmin <unfixed> (unimportant)
- egroupware <unfixed> (unimportant)
- phpwiki <unfixed> (unimportant)
- - moodle <unfixed> (unimportant)
+ - moodle <removed> (unimportant)
NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...)
NOT-FOR-US: Yahoo! Messenger
More information about the Secure-testing-commits
mailing list