Author: nion
Date: 2010-06-10 14:05:56 +0000 (Thu, 10 Jun 2010)
New Revision: 14848

Modified:
   data/CVE/list
Log:
new moodle issues: CVE-2010-1619, CVE-2010-1618, CVE-2010-1617


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-10 12:18:11 UTC (rev 14847)
+++ data/CVE/list       2010-06-10 14:05:56 UTC (rev 14848)
@@ -1468,14 +1468,14 @@
 CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL 
certificates ...)
        NOT-FOR-US: Cerulean Studios Trillian
 CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
-       - moodle <undetermined>
-       TODO: check
+       - moodle <unfixed> (low; bug #585425)
 CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client 
library ...)
-       - moodle <undetermined>
-       TODO: check
+       - moodle <unfixed> (low; bug #574757)
 CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 
1.9.8 ...)
-       - moodle <undetermined>
-       TODO: check
+       - moodle <unfixed> (unimportant; bug #585427)
+       NOTE: i have a hard time seeing the security impact, moodle is a course 
management
+       NOTE: system and the real names of your colleagues are probably not a 
secret, since
+       NOTE: a patch exists I filed a bug anyway
 CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when 
...)
        - moodle <undetermined>
        TODO: check


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to