[Secure-testing-team] Bug#792242: moodle: CVE-2015-3272 CVE-2015-3274 CVE-2015-3275
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 13 04:46:53 UTC 2015
Source: moodle
Version: 2.7.8+dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for moodle.
CVE-2015-3272[0]:
Possible phishing when redirecting to external site using referer header
CVE-2015-3274[1]:
Possible XSS through custom text profile fields in Web Services
CVE-2015-3275[2]:
Javascript injection in SCORM module
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3272
[1] https://security-tracker.debian.org/tracker/CVE-2015-3274
[2] https://security-tracker.debian.org/tracker/CVE-2015-3275
[3] http://www.openwall.com/lists/oss-security/2015/07/13/2
Regards,
Salvatore
More information about the Secure-testing-team
mailing list