[Secure-testing-team] Bug#799634: moodle: CVE-2015-5264 CVE-2015-5265 CVE-2015-5266 CVE-2015-5267 CVE-2015-5268 CVE-2015-5269 CVE-2015-5272
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 21 04:45:18 UTC 2015
Source: moodle
Version: 2.7.9+dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for moodle.
CVE-2015-5264[0]:
MSA-15-0030: Students can re-attempt answering questions in the lesson
CVE-2015-5265[1]:
MSA-15-0032: Users can delete files uploaded by other users in wiki
CVE-2015-5266[2]:
MSA-15-0033: Meta course synchronisation enrols suspended students as
managers for a short period of time
CVE-2015-5267[3]:
MSA-15-0034: Vulnerability in password recovery mechanism
CVE-2015-5268[4]:
MSA-15-0035: Rating component does not check separate groups
CVE-2015-5269[5]:
MSA-15-0036: XSS in grouping description
CVE-2015-5272[6]:
MSA-15-0031: Teacher in forum can still post to "all participants" and
groups they are not members of
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5264
[1] https://security-tracker.debian.org/tracker/CVE-2015-5265
[2] https://security-tracker.debian.org/tracker/CVE-2015-5266
[3] https://security-tracker.debian.org/tracker/CVE-2015-5267
[4] https://security-tracker.debian.org/tracker/CVE-2015-5268
[5] https://security-tracker.debian.org/tracker/CVE-2015-5269
[6] https://security-tracker.debian.org/tracker/CVE-2015-5272
[7] http://www.openwall.com/lists/oss-security/2015/09/21/1
Regards,
Salvatore