svn commit: r412441 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sun Apr 3 02:11:53 UTC 2016
Author: junovitch
Date: Sun Apr 3 02:11:52 2016
New Revision: 412441
URL: https://svnweb.freebsd.org/changeset/ports/412441
Log:
Document multiple security advisories for Moodle
Security: CVE-2016-2151
Security: CVE-2016-2152
Security: CVE-2016-2153
Security: CVE-2016-2154
Security: CVE-2016-2155
Security: CVE-2016-2156
Security: CVE-2016-2157
Security: CVE-2016-2158
Security: CVE-2016-2159
Security: CVE-2016-2190
Security: https://vuxml.FreeBSD.org/freebsd/a430e15d-f93f-11e5-92ce-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Apr 3 00:48:24 2016 (r412440)
+++ head/security/vuxml/vuln.xml Sun Apr 3 02:11:52 2016 (r412441)
@@ -58,6 +58,70 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a430e15d-f93f-11e5-92ce-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle28</name>
+ <range><lt>2.8.11</lt></range>
+ </package>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.5</lt></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-16-0003: Incorrect capability check when displaying
+ users emails in Participants list</p></li>
+ <li><p>MSA-16-0004: XSS from profile fields from external db</p>
+ </li>
+ <li><p>MSA-16-0005: Reflected XSS in mod_data advanced search</p>
+ </li>
+ <li><p>MSA-16-0006: Hidden courses are shown to students in Event
+ Monitor</p></li>
+ <li><p>MSA-16-0007: Non-Editing Instructor role can edit exclude
+ checkbox in Single View</p></li>
+ <li><p>MSA-16-0008: External function get_calendar_events return
+ events that pertains to hidden activities</p></li>
+ <li><p>MSA-16-0009: CSRF in Assignment plugin management page</p>
+ </li>
+ <li><p>MSA-16-0010: Enumeration of category details possible without
+ authentication</p></li>
+ <li><p>MSA-16-0011: Add no referrer to links with _blank target
+ attribute</p></li>
+ <li><p>MSA-16-0012: External function mod_assign_save_submission
+ does not check due dates</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2151</cvename>
+ <cvename>CVE-2016-2152</cvename>
+ <cvename>CVE-2016-2153</cvename>
+ <cvename>CVE-2016-2154</cvename>
+ <cvename>CVE-2016-2155</cvename>
+ <cvename>CVE-2016-2156</cvename>
+ <cvename>CVE-2016-2157</cvename>
+ <cvename>CVE-2016-2158</cvename>
+ <cvename>CVE-2016-2190</cvename>
+ <cvename>CVE-2016-2159</cvename>
+ <url>https://moodle.org/security/</url>
+ </references>
+ <dates>
+ <discovery>2016-03-21</discovery>
+ <entry>2016-04-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="297117ba-f92d-11e5-92ce-002590263bf5">
<topic>squid -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list