From c554e90e6b02c8b26152feb41096515fac700283 Mon Sep 17 00:00:00 2001 From: feld Date: Sat, 18 Jul 2015 23:16:04 +0000 Subject: Document recent Moodle security advisories Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 Security: 43891162-2d5e-11e5-a4a5-002590263bf5 PR: 201675 --- security/vuxml/vuln.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 51c136691b00..9319ebb959a5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,54 @@ Notes: --> + + moodle -- multiple vulnerabilities + + + moodle27 + 2.7.9 + + + moodle28 + 2.8.7 + + + moodle29 + 2.9.1 + + + + +

Marina Glancy reports:

+
MSA-15-0026: Possible phishing when redirecting to external site + using referer header. (CVE-2015-3272)
+
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not + respected when using 'Post a copy to all groups' in forum + (CVE-2015-3273)
+
MSA-15-0028: Possible XSS through custom text profile fields in Web + Services (CVE-2015-3274)
+
MSA-15-0029: Javascript injection in SCORM module (CVE-2015-3275) +
+

+ + + + CVE-2015-3272 + CVE-2015-3273 + CVE-2015-3274 + CVE-2015-3275 + http://seclists.org/oss-sec/2015/q3/94 + https://docs.moodle.org/dev/Moodle_2.7.9_release_notes + https://docs.moodle.org/dev/Moodle_2.8.7_release_notes + https://docs.moodle.org/dev/Moodle_2.7.9_release_notes + + + 2015-07-06 + 2015-07-18 + + + apache22 -- chunk header parsing defect -- cgit