svn commit: r436376 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sat Mar 18 02:15:28 UTC 2017
Author: junovitch
Date: Sat Mar 18 02:15:26 2017
New Revision: 436376
URL: https://svnweb.freebsd.org/changeset/ports/436376
Log:
Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004)
and March releases (details not yet released).
Security: CVE-2017-2576
Security: CVE-2017-2578
Security: CVE-2016-10045
Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Mar 18 01:52:58 2017 (r436375)
+++ head/security/vuxml/vuln.xml Sat Mar 18 02:15:26 2017 (r436376)
@@ -58,6 +58,98 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="df45b4bd-0b7f-11e7-970f-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><le>2.9.9</le></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.9</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.5</lt></range>
+ </package>
+ <package>
+ <name>moodle32</name>
+ <range><lt>3.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/news/#p1408104">
+ <p>In addition to a number of bug fixes and small improvements,
+ security vulnerabilities have been discovered and fixed. We highly
+ recommend that you upgrade your sites as soon as possible.
+ Upgrading should be very straightforward. As per our usual policy,
+ admins of all registered Moodle sites will be notified of security
+ issue details directly via email and we'll publish details more
+ widely in a week.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://moodle.org/news/#p1408104</url>
+ </references>
+ <dates>
+ <discovery>2017-03-13</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f72d98d1-0b7e-11e7-970f-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><le>2.9.9</le></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.8</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.4</lt></range>
+ </package>
+ <package>
+ <name>moodle32</name>
+ <range><lt>3.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-17-0001: System file inclusion when adding own preset
+ file in Boost theme</p></li>
+ <li><p>MSA-17-0002: Incorrect sanitation of attributes in forums
+ </p></li>
+ <li><p>MSA-17-0003: PHPMailer vulnerability in no-reply address
+ </p></li>
+ <li><p>MSA-17-0004: XSS in assignment submission page</p></li>
+ </ul>
+ <p>.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2576</cvename>
+ <cvename>CVE-2017-2578</cvename>
+ <cvename>CVE-2016-10045</cvename>
+ <url>https://moodle.org/security/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-17</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2730c668-0b1c-11e7-8d52-6cf0497db129">
<topic>drupal8 -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list