[Git][security-tracker-team/security-tracker][master] Process some new moodle CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 25 06:39:52 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0541631 by Salvatore Bonaccorso at 2025-02-25T07:39:31+01:00
Process some new moodle CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,21 +114,21 @@ CVE-2025-26803 (The http parser in Phusion Passenger 6.0.21 through 6.0.25 befor
 	NOTE: Introduced with: https://github.com/phusion/passenger/commit/f51fc490472882b236c52d708d605a1961dacb18 (release-6.0.21)
 	NOTE: Fixed by: https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017 (release-6.0.26)
 CVE-2025-26532 (Additional checks were required to ensure trusttext is applied (when e ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26531 (Insufficient capability checks made it possible to disable badges a us ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26530 (The question bank filter required additional sanitizing to prevent a r ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26529 (Description information displayed in the site administration live log  ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26528 (The drag-and-drop onto image (ddimageortext) question type required ad ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26527 (Tags not expected to be visible to a user could still be discovered by ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26526 (Separate Groups mode restrictions were not factored into permission  c ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26525 (Insufficient sanitizing in the TeX notation filter resulted in an  arb ...)
-	TODO: check
+	- moodle <removed>
 CVE-2025-26201 (Credential disclosure vulnerability via the /staff route in GreaterWMS ...)
 	NOT-FOR-US: GreaterWMS
 CVE-2025-26200 (SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0541631e8443657648a412b8e45a2da693d5bd9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0541631e8443657648a412b8e45a2da693d5bd9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250225/fa0d9031/attachment.htm>

More information about the debian-security-tracker-commits mailing list