Author: nion Date: 2010-06-10 14:05:56 +0000 (Thu, 10 Jun 2010) New Revision: 14848 Modified: data/CVE/list Log: new moodle issues: CVE-2010-1619, CVE-2010-1618, CVE-2010-1617 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-10 12:18:11 UTC (rev 14847) +++ data/CVE/list 2010-06-10 14:05:56 UTC (rev 14848) @@ -1468,14 +1468,14 @@ CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...) NOT-FOR-US: Cerulean Studios Trillian CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...) - - moodle <undetermined> - TODO: check + - moodle <unfixed> (low; bug #585425) CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...) - - moodle <undetermined> - TODO: check + - moodle <unfixed> (low; bug #574757) CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...) - - moodle <undetermined> - TODO: check + - moodle <unfixed> (unimportant; bug #585427) + NOTE: i have a hard time seeing the security impact, moodle is a course management + NOTE: system and the real names of your colleagues are probably not a secret, since + NOTE: a patch exists I filed a bug anyway CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...) - moodle <undetermined> TODO: check
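Review bot: In the CVE-2010-1617 entry, the `unimportant` rating rests only on the NOTE's assumption that the people who can see the real names are colleagues of the affected user. The visible description is truncated at "user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...", so the entry does not record who can actually reach that page. Suggest stating that assumption explicitly in the NOTE, or summarising what the upstream patch changes, so a later reader can re-check the rating without reopening bug #585427. The three NOTE lines also read as one run-on sentence; splitting the rationale ("no real security impact") from the action taken ("bug filed because a patch exists") would make them easier to scan. Separately, the trailing context shows CVE-2010-1616, another Moodle issue fixed in 1.9.8, still at `<undetermined>` with `TODO: check`; it looks like a candidate for the same triage pass.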