Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Dec 2015 00:41:29 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r404079 - head/security/vuxml
Message-ID:  <201512210041.tBL0fTXm037446@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Mon Dec 21 00:41:29 2015
New Revision: 404079
URL: https://svnweb.freebsd.org/changeset/ports/404079

Log:
  Revise Moodle multiple security vulnerabilities from r401745 to reflect
  recently published advisory
  
  Security:	https://vuxml.FreeBSD.org/freebsd/82b3ca2a-8c07-11e5-bd18-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Dec 21 00:21:53 2015	(r404078)
+++ head/security/vuxml/vuln.xml	Mon Dec 21 00:41:29 2015	(r404079)
@@ -2148,11 +2148,21 @@ Notes:
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Moodle Release Notes report:</p>
-	<blockquote cite="https://docs.moodle.org/dev/Moodle_2.8.9_release_notes">;
-	  <p>A number of security related issues were resolved.  Details of
-	    these issues will be released after a period of approximately one
-	    week to allow system administrators to safely update to the latest
-	    version.</p>
+	<blockquote cite="https://docs.moodle.org/dev/Moodle_2.9.3_release_notes">;
+	  <p>MSA-15-0037 Possible to send a message to a user who blocked
+	    messages from non contacts</p>
+	  <p>MSA-15-0038 DDoS possibility in Atto</p>
+	  <p>MSA-15-0039 CSRF in site registration form</p>
+	  <p>MSA-15-0040 Student XSS in survey</p>
+	  <p>MSA-15-0041 XSS in flash video player</p>
+	  <p>MSA-15-0042 CSRF in lesson login form</p>
+	  <p>MSA-15-0043 Web service core_enrol_get_enrolled_users does not
+	    respect course group mode</p>
+	  <p>MSA-15-0044 Capability to view available badges is not
+	    respected</p>
+	  <p>MSA-15-0045 SCORM module allows to bypass access restrictions based
+	    on date</p>
+	  <p>MSA-15-0046 Choice module closing date can be bypassed</p>
 	</blockquote>
       </body>
     </description>
@@ -2164,6 +2174,7 @@ Notes:
     <dates>
       <discovery>2015-11-09</discovery>
       <entry>2015-11-16</entry>
+      <modified>2015-12-21</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201512210041.tBL0fTXm037446>