These are all fixed in 1.5.3.
Well, to be exact about the SQL injection we found it was almost impossible
to fix completely so we now just recommend correct PHP settings to overcome
that problem. It turns out that the particular settings that allowed
the SQL
injection were actually quite rare.
See http://security.moodle.org/
Cheers,
Martin
Moritz Muehlenhoff wrote:
Sorry, I've been to hasty:
The redirection vulnerability in jumpto.php is CVE-2005-3649 and
the SQL injection vulnerabilities are CVE-2005-3648.
Cheers,
Moritz
--
/// Moodle - open-source software for collaborative learning
///
/// Free software, community, information: http://moodle.org
/// Commercial support and other services: http://moodle.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
