Date: Mon, 21 Dec 2015 00:41:29 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r404079 - head/security/vuxml Message-ID: <201512210041.tBL0fTXm037446@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Mon Dec 21 00:41:29 2015 New Revision: 404079 URL: https://svnweb.freebsd.org/changeset/ports/404079 Log: Revise Moodle multiple security vulnerabilities from r401745 to reflect recently published advisory Security: https://vuxml.FreeBSD.org/freebsd/82b3ca2a-8c07-11e5-bd18-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Dec 21 00:21:53 2015 (r404078) +++ head/security/vuxml/vuln.xml Mon Dec 21 00:41:29 2015 (r404079) @@ -2148,11 +2148,21 @@ Notes: <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Moodle Release Notes report:</p> - <blockquote cite="https://docs.moodle.org/dev/Moodle_2.8.9_release_notes"> - <p>A number of security related issues were resolved. Details of - these issues will be released after a period of approximately one - week to allow system administrators to safely update to the latest - version.</p> + <blockquote cite="https://docs.moodle.org/dev/Moodle_2.9.3_release_notes"> + <p>MSA-15-0037 Possible to send a message to a user who blocked + messages from non contacts</p> + <p>MSA-15-0038 DDoS possibility in Atto</p> + <p>MSA-15-0039 CSRF in site registration form</p> + <p>MSA-15-0040 Student XSS in survey</p> + <p>MSA-15-0041 XSS in flash video player</p> + <p>MSA-15-0042 CSRF in lesson login form</p> + <p>MSA-15-0043 Web service core_enrol_get_enrolled_users does not + respect course group mode</p> + <p>MSA-15-0044 Capability to view available badges is not + respected</p> + <p>MSA-15-0045 SCORM module allows to bypass access restrictions based + on date</p> + <p>MSA-15-0046 Choice module closing date can be bypassed</p> </blockquote> </body> </description> @@ -2164,6 +2174,7 @@ Notes: <dates> <discovery>2015-11-09</discovery> <entry>2015-11-16</entry> + <modified>2015-12-21</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201512210041.tBL0fTXm037446>