svn commit: r397210 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Fri Sep 18 02:23:58 UTC 2015 

Author: junovitch
Date: Fri Sep 18 02:23:56 2015
New Revision: 397210
URL: https://svnweb.freebsd.org/changeset/ports/397210

Log:
  Document Moodle multiple security vulnerabilities
  
  Note upstream has not released CVE assignments or details of the issues at
  this time. Document the current verbiage from the release notes to help
  downstream users proactively update.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Sep 18 01:34:31 2015	(r397209)
+++ head/security/vuxml/vuln.xml	Fri Sep 18 02:23:56 2015	(r397210)
@@ -58,6 +58,44 @@ Notes:
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="c2fcbec2-5daa-11e5-9909-002590263bf5">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle27</name>
+	<range><lt>2.7.10</lt></range>
+      </package>
+      <package>
+	<name>moodle28</name>
+	<range><lt>2.8.8</lt></range>
+      </package>
+      <package>
+	<name>moodle29</name>
+	<range><lt>2.9.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Moodle Release Notes report:</p>
+	<blockquote cite="https://docs.moodle.org/dev/Moodle_2.9.2_release_notes">
+	  <p>A number of security related issues were resolved. Details of
+	    these issues will be released after a period of approximately one
+	    week to allow system administrators to safely update to the latest
+	    version.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://docs.moodle.org/dev/Moodle_2.7.10_release_notes</url>
+      <url>https://docs.moodle.org/dev/Moodle_2.8.8_release_notes</url>
+      <url>https://docs.moodle.org/dev/Moodle_2.9.2_release_notes</url>
+    </references>
+    <dates>
+      <discovery>2015-09-14</discovery>
+      <entry>2015-09-18</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="d3a98c2d-5da1-11e5-9909-002590263bf5">
     <topic>squid -- TLS/SSL parser denial of service vulnerability</topic>
     <affects>

More information about the svn-ports-all mailing list