/[advisories]/10136.adv
ViewVC logotype

Contents of /10136.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 40 - (show annotations) (download)
Tue Jun 18 15:55:08 2013 UTC (4 years, 5 months ago) by boklm
File size: 1368 byte(s)
Remove CVE links from references

CVE links are now added automatically
1 ID: MGASA-2013-0162
2 pubtime: 1370521473
3 type: security
4 src:
5 3:
6 core:
7 - moodle-2.4.4-1.mga3
8 CVE:
9 - CVE-2013-2079
10 - CVE-2013-2080
11 - CVE-2013-2081
12 - CVE-2013-2082
13 - CVE-2013-2083
14 subject: Updated moodle package fix security vulnerabilities
15 description: |
16 The assignment module in Moodle before 2.4.4 was not checking capabilities
17 for users downloading all assignments as a zip (CVE-2013-2079).
18
19 The Gradebook's Overview report in Moodle before 2.4.4 was showing grade
20 totals that may have incorrectly included hidden grades (CVE-2013-2080).
21
22 When registering a site on a hub (not Moodle.net) site in Moodle before
23 2.4.4, information was being sent to the hub regardless of settings chosen
24 (CVE-2013-2081).
25
26 There was no check of permissions for viewing comments on blog posts in
27 Moodle before 2.4.4 (CVE-2013-2082).
28
29 Form elements named using a specific naming scheme were not being filtered
30 correctly in Moodle before 2.4.4 (CVE-2013-2083).
31 references:
32 - https://moodle.org/mod/forum/discuss.php?d=228930
33 - https://moodle.org/mod/forum/discuss.php?d=228931
34 - https://moodle.org/mod/forum/discuss.php?d=228933
35 - https://moodle.org/mod/forum/discuss.php?d=228934
36 - https://moodle.org/mod/forum/discuss.php?d=228935
37 - http://docs.moodle.org/dev/Moodle_2.4.4_release_notes
38 - https://moodle.org/mod/forum/discuss.php?d=228536

  ViewVC Help
Powered by ViewVC 1.1.26