diff options
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3664f145c84..2c5832ce9d5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -498,19 +498,30 @@ Notes: <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Marina Glancy reports:</p> - <blockquote cite="https://docs.moodle.org/dev/Moodle_3.1.3_release_notes"> - <p>A number of security related issues were resolved. Details of these - issues will be released after a period of approximately one week to - allow system administrators to safely update to the latest version.</p> + <blockquote cite="https://moodle.org/security/"> + <ul> + <li><p>MSA-16-0023: Question engine allows access to files that + should not be available</p></li> + <li><p>MSA-16-0024: Non-admin site managers may accidentally edit + admins via web services</p></li> + <li><p>MSA-16-0025: Capability to view course notes is checked in + the wrong context</p></li> + <li><p>MSA-16-0026: When debugging is enabled, error exceptions + returned from webservices could contain private data</p></li> + </ul> </blockquote> </body> </description> <references> - <url>https://docs.moodle.org/dev/Moodle_3.1.3_release_notes</url> + <cvename>CVE-2016-8642</cvename> + <cvename>CVE-2016-8643</cvename> + <cvename>CVE-2016-8644</cvename> + <url>https://moodle.org/security/</url> </references> <dates> <discovery>2016-11-14</discovery> <entry>2016-11-16</entry> + <modified>2016-11-27</modified> </dates> </vuln> |