Summary: | <=www-apps/moodle-2.0.1: XSS | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | blueness, jah, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/43133/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-02-01 19:40:20 UTC
This is upstream's (private) ticket MDL-26237.

The following commit addresses the issue:
http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e

Effectively phpcoverage.remote.bottom.inc.php and phpcoverage.remote.top.inc.php are just turned off with an initial die().

The security issue has been resolved. moodle-2.0.2.ebuild has been in the tree since Feb 22, and I just removed the vulnerable version.

This bug should be good for a GLSA.

(In reply to comment #2)
> The security issue has been resolved. moodle-2.0.2.ebuild has been in the
> tree since Feb 22, and I just removed the vulnerable version.
>

Thanks

> This bug should be good for a GLSA.

The package was never stable, so no advisory is issued. Closing noglsa.
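
A defender-side check for the fix described in the report, added here as an example and not taken from the Moodle commit or the Gentoo ebuild: it walks a Moodle tree, finds the two files by name, and reports whether each one begins with an unconditional die()/exit. The function names and the sample PHP snippets are assumptions constructed for illustration.

```python
import os
import re
import sys

# File names come from the bug report. Their location inside a Moodle tree is
# not stated there, so the tree is searched by name.
TARGETS = {"phpcoverage.remote.top.inc.php", "phpcoverage.remote.bottom.inc.php"}

# Whitespace, the PHP open tag, and //, # and /* */ comments before any code.
_SKIP = re.compile(r"(?:\s+|<\?php\b|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.S)
# die or exit as a complete statement, with an optional argument list.
_DIE = re.compile(r"(?:die|exit)\b\s*(?:\([^)]*\))?\s*;", re.I)

# Constructed samples (not the real Moodle files).
SAMPLE_DISABLED = "<?php\n/* disabled */\ndie();\nrun_coverage();\n"
SAMPLE_LIVE = "<?php\nif (!defined('COVERAGE')) { die(); }\nrun_coverage();\n"


def is_neutralised(php_source):
    """True if the first PHP statement is an unconditional die()/exit."""
    if not php_source.lstrip().startswith("<?php"):
        return False  # inline HTML or short tags come first: treat as live
    rest = php_source[_SKIP.match(php_source).end():]
    return _DIE.match(rest) is not None


def audit(root):
    """Map each target file under root to True (disabled) or False (live)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in TARGETS.intersection(files):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = is_neutralised(fh.read())
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to an unpacked Moodle tree
        for path, ok in sorted(audit(sys.argv[1]).items()):
            print(("disabled  " if ok else "LIVE      ") + path)
    else:  # no path given: run on the constructed samples
        print("SAMPLE_DISABLED ->", is_neutralised(SAMPLE_DISABLED))
        print("SAMPLE_LIVE     ->", is_neutralised(SAMPLE_LIVE))
```

A conditional guard such as the one in `SAMPLE_LIVE` is reported as live, because only a die()/exit that is the very first statement disables the file for every request.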