Package: moodle Severity: serious Tags: security -------- Original Message -------- Subject: Notice about two security vulnerabilities and Moodle 1.8.2 Resent-Date: Sun, 8 Jul 2007 23:56:15 +0200 (CEST) Resent-From: Sven Olofsson DSV, SU/KTH <[EMAIL PROTECTED]> Resent-To: Per Olofsson <[EMAIL PROTECTED]> Date: Mon, 9 Jul 2007 00:21:56 +0800 From: Martin Dougiamas <[EMAIL PROTECTED]> Reply-To: Do not reply to this email <[EMAIL PROTECTED]> To: [EMAIL PROTECTED]
Hi all, You're receiving this message because you have registered at least one Moodle site with moodle.org. We just want to let you know that a couple of XSS (cross-site scripting) security issues were fixed recently. These could be exploited by a student or some other user placing malicious links into your Moodle content to gain access to your account (if you click on them). The bugs are fixed in Moodle 1.8.2 (available for download) and have been backported to all recent branches, so at the very least upgrade to the latest 1.6+ or 1.7+. Upgrading is recommended as at least one of these vulnerabilities has been published widely. More details on http://security.moodle.org [ http://security.moodle.org ] Cheers, Martin (Moodle Lead Developer) -- Pelle -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
