svn commit: r427189 - head/security/vuxml

Sun Nov 27 03:07:51 UTC 2016

Author: junovitch
Date: Sun Nov 27 03:07:49 2016
New Revision: 427189
URL: https://svnweb.freebsd.org/changeset/ports/427189

Log:
  Revise earlier Moodle entry with released advisories (MSA-16-0023 - MSA-16-026)
  
  Security:	CVE-2016-8642
  Security:	CVE-2016-8643
  Security:	CVE-2016-8644

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================

--- head/security/vuxml/vuln.xml	Sun Nov 27 02:50:02 2016	(r427188)
+++ head/security/vuxml/vuln.xml	Sun Nov 27 03:07:49 2016	(r427189)
@@ -498,19 +498,30 @@ Notes:
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Marina Glancy reports:</p>
-	<blockquote cite="https://docs.moodle.org/dev/Moodle_3.1.3_release_notes">
-	  <p>A number of security related issues were resolved. Details of these
-	    issues will be released after a period of approximately one week to
-	    allow system administrators to safely update to the latest version.</p>
+	<blockquote cite="https://moodle.org/security/">
+	  <ul>
+	    <li><p>MSA-16-0023: Question engine allows access to files that
+	    should not be available</p></li>
+	    <li><p>MSA-16-0024: Non-admin site managers may accidentally edit
+	    admins via web services</p></li>
+	    <li><p>MSA-16-0025: Capability to view course notes is checked in
+	    the wrong context</p></li>
+	    <li><p>MSA-16-0026: When debugging is enabled, error exceptions
+	    returned from webservices could contain private data</p></li>
+	  </ul>
 	</blockquote>
       </body>
     </description>
     <references>
-      <url>https://docs.moodle.org/dev/Moodle_3.1.3_release_notes</url>
+      <cvename>CVE-2016-8642</cvename>
+      <cvename>CVE-2016-8643</cvename>
+      <cvename>CVE-2016-8644</cvename>
+      <url>https://moodle.org/security/</url>
     </references>
     <dates>
       <discovery>2016-11-14</discovery>
       <entry>2016-11-16</entry>
+      <modified>2016-11-27</modified>
     </dates>
   </vuln>
 
