diff options
| author | junovitch <junovitch@FreeBSD.org> | 2017-03-18 10:15:26 +0800 |
|---|---|---|
| committer | Koop Mast <kwm@rainbow-runner.nl> | 2017-04-09 20:01:53 +0800 |
| commit | dacd1079d281de508e6b73c6cab64d0587ac494c (patch) | |
| tree | be8a7c5693b207207c2cea09ccf8d782bbf29508 /security | |
| parent | a3aa211bb8b2e3a897119909417f723bece04c44 (diff) | |
| download | freebsd-ports-gnome-dacd1079d281de508e6b73c6cab64d0587ac494c.tar.gz freebsd-ports-gnome-dacd1079d281de508e6b73c6cab64d0587ac494c.tar.zst freebsd-ports-gnome-dacd1079d281de508e6b73c6cab64d0587ac494c.zip | |
Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004)
and March releases (details not yet released).
Security: CVE-2017-2576
Security: CVE-2017-2578
Security: CVE-2016-10045
Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2f36cce29708..2292e8a4ad8e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,98 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="df45b4bd-0b7f-11e7-970f-002590263bf5"> + <topic>moodle -- multiple vulnerabilities</topic> + <affects> + <package> + <name>moodle29</name> + <range><le>2.9.9</le></range> + </package> + <package> + <name>moodle30</name> + <range><lt>3.0.9</lt></range> + </package> + <package> + <name>moodle31</name> + <range><lt>3.1.5</lt></range> + </package> + <package> + <name>moodle32</name> + <range><lt>3.2.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Marina Glancy reports:</p> + <blockquote cite="https://moodle.org/news/#p1408104"> + <p>In addition to a number of bug fixes and small improvements, + security vulnerabilities have been discovered and fixed. We highly + recommend that you upgrade your sites as soon as possible. + Upgrading should be very straightforward. As per our usual policy, + admins of all registered Moodle sites will be notified of security + issue details directly via email and we'll publish details more + widely in a week.</p> + </blockquote> + </body> + </description> + <references> + <url>https://moodle.org/news/#p1408104</url> + </references> + <dates> + <discovery>2017-03-13</discovery> + <entry>2017-03-18</entry> + </dates> + </vuln> + + <vuln vid="f72d98d1-0b7e-11e7-970f-002590263bf5"> + <topic>moodle -- multiple vulnerabilities</topic> + <affects> + <package> + <name>moodle29</name> + <range><le>2.9.9</le></range> + </package> + <package> + <name>moodle30</name> + <range><lt>3.0.8</lt></range> + </package> + <package> + <name>moodle31</name> + <range><lt>3.1.4</lt></range> + </package> + <package> + <name>moodle32</name> + <range><lt>3.2.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Marina Glancy reports:</p> + <blockquote cite="https://moodle.org/security/"> + <ul> + <li><p>MSA-17-0001: System file inclusion when adding own preset + file in Boost theme</p></li> + <li><p>MSA-17-0002: Incorrect sanitation of attributes in forums + </p></li> + <li><p>MSA-17-0003: PHPMailer vulnerability in no-reply address + </p></li> + <li><p>MSA-17-0004: XSS in assignment submission page</p></li> + </ul> + <p>.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-2576</cvename> + <cvename>CVE-2017-2578</cvename> + <cvename>CVE-2016-10045</cvename> + <url>https://moodle.org/security/</url> + </references> + <dates> + <discovery>2017-01-17</discovery> + <entry>2017-03-18</entry> + </dates> + </vuln> + <vuln vid="2730c668-0b1c-11e7-8d52-6cf0497db129"> <topic>drupal8 -- multiple vulnerabilities</topic> <affects> |