Hi Salvatore, Op Mon, Jul 13, 2015 at 06:46:53AM +0200 schreef Salvatore Bonaccorso: > Source: moodle > Version: 2.7.8+dfsg-1 > Severity: important > Tags: security upstream fixed-upstream > > Hi, > > the following vulnerabilities were published for moodle. > > CVE-2015-3272[0]: > Possible phishing when redirecting to external site using referer header > > CVE-2015-3274[1]: > Possible XSS through custom text profile fields in Web Services > > CVE-2015-3275[2]: > Javascript injection in SCORM module > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2015-3272 > [1] https://security-tracker.debian.org/tracker/CVE-2015-3274 > [2] https://security-tracker.debian.org/tracker/CVE-2015-3275 > [3] http://www.openwall.com/lists/oss-security/2015/07/13/2
Thanks for the heads up; I was expecting this at around this time. Monday, July 6, 2015, 10:25 AM "Moodle [...] 2.7.9 [...] now available" ( https://moodle.org/news/#p1267347 ) I'll package this new upstream security release this month. Reported issues are very likely fixed in that one (I'll check). Bye, Joost -- Joost van Baal-Ilić http://abramowitz.uvt.nl/ Tilburg University mailto:joostvb.uvt.nl The Netherlands
signature.asc
Description: Digital signature
