thijs at alioth.debian.org
2008-Mar-16 16:28 UTC
[Secure-testing-commits] r8348 - data/CVE
Author: thijs Date: 2008-03-16 16:28:30 +0000 (Sun, 16 Mar 2008) New Revision: 8348 Modified: data/CVE/list Log: moodle not affected by this specific smarty bug Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-16 16:18:08 UTC (rev 8347) +++ data/CVE/list 2008-03-16 16:28:30 UTC (rev 8348) @@ -506,9 +506,10 @@ - phpqladmin <removed> CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...) - smarty 2.6.18-1.1 (low; bug #469492) - - moodle <unfixed> (low; bug #471158) + - moodle <not-affected> (low; bug #471158) - gallery2 <unfixed> (low; bug #471160) - mahara <unfixed> (low; bug #471201) + NOTE: Moodle ships Smarty but uses it in only one file, which doesn''t use regex_replace CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...) NOT-FOR-US: xmmemberstats module for XOOPS CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...)