Source: moodle Version: 2.7.9+dfsg-1 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerabilities were published for moodle. CVE-2015-5264[0]: MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5265[1]: MSA-15-0032: Users can delete files uploaded by other users in wiki CVE-2015-5266[2]: MSA-15-0033: Meta course synchronisation enrols suspended students as managers for a short period of time CVE-2015-5267[3]: MSA-15-0034: Vulnerability in password recovery mechanism CVE-2015-5268[4]: MSA-15-0035: Rating component does not check separate groups CVE-2015-5269[5]: MSA-15-0036: XSS in grouping description CVE-2015-5272[6]: MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5264 [1] https://security-tracker.debian.org/tracker/CVE-2015-5265 [2] https://security-tracker.debian.org/tracker/CVE-2015-5266 [3] https://security-tracker.debian.org/tracker/CVE-2015-5267 [4] https://security-tracker.debian.org/tracker/CVE-2015-5268 [5] https://security-tracker.debian.org/tracker/CVE-2015-5269 [6] https://security-tracker.debian.org/tracker/CVE-2015-5272 [7] http://www.openwall.com/lists/oss-security/2015/09/21/1 Regards, Salvatore