Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 27 Nov 2016 03:07:49 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r427189 - head/security/vuxml
Message-ID:  <201611270307.uAR37naa049069@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Sun Nov 27 03:07:49 2016
New Revision: 427189
URL: https://svnweb.freebsd.org/changeset/ports/427189

Log:
  Revise earlier Moodle entry with released advisories (MSA-16-0023 - MSA-16-026)
  
  Security:	CVE-2016-8642
  Security:	CVE-2016-8643
  Security:	CVE-2016-8644

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Nov 27 02:50:02 2016	(r427188)
+++ head/security/vuxml/vuln.xml	Sun Nov 27 03:07:49 2016	(r427189)
@@ -498,19 +498,30 @@ Notes:
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Marina Glancy reports:</p>
-	<blockquote cite="https://docs.moodle.org/dev/Moodle_3.1.3_release_notes">;
-	  <p>A number of security related issues were resolved. Details of these
-	    issues will be released after a period of approximately one week to
-	    allow system administrators to safely update to the latest version.</p>
+	<blockquote cite="https://moodle.org/security/">;
+	  <ul>
+	    <li><p>MSA-16-0023: Question engine allows access to files that
+	    should not be available</p></li>
+	    <li><p>MSA-16-0024: Non-admin site managers may accidentally edit
+	    admins via web services</p></li>
+	    <li><p>MSA-16-0025: Capability to view course notes is checked in
+	    the wrong context</p></li>
+	    <li><p>MSA-16-0026: When debugging is enabled, error exceptions
+	    returned from webservices could contain private data</p></li>
+	  </ul>
 	</blockquote>
       </body>
     </description>
     <references>
-      <url>https://docs.moodle.org/dev/Moodle_3.1.3_release_notes</url>;
+      <cvename>CVE-2016-8642</cvename>
+      <cvename>CVE-2016-8643</cvename>
+      <cvename>CVE-2016-8644</cvename>
+      <url>https://moodle.org/security/</url>;
     </references>
     <dates>
       <discovery>2016-11-14</discovery>
       <entry>2016-11-16</entry>
+      <modified>2016-11-27</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611270307.uAR37naa049069>