Summary: | <www-apps/moodle-3.10.4: XSS vulnerability (CVE-2021-32244) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | blueness, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-06-22 23:18:27 UTC
I've bumped to 3.10.4 which is fixed. Thanks! Please cleanup <3.10.4 Ping. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. (In reply to John Helmert III from comment #3) > Ping. Sorry that was cleaned up a while ago even though I didn't respond here. (In reply to Anthony Basile from comment #11) > (In reply to John Helmert III from comment #3) > > Ping. > > Sorry that was cleaned up a while ago even though I didn't respond here. What about 3.9.x? (In reply to John Helmert III from comment #12) > (In reply to Anthony Basile from comment #11) > > (In reply to John Helmert III from comment #3) > > > Ping. > > > > Sorry that was cleaned up a while ago even though I didn't respond here. > > What about 3.9.x? Three branches of moodle are supported (with security). As of today, all three version of moodle on the tree are up to day: 3.9.9, 3.10.6, 3.11.2. (In reply to Anthony Basile from comment #13) > (In reply to John Helmert III from comment #12) > > (In reply to Anthony Basile from comment #11) > > > (In reply to John Helmert III from comment #3) > > > > Ping. > > > > > > Sorry that was cleaned up a while ago even though I didn't respond here. > > > > What about 3.9.x? > > Three branches of moodle are supported (with security). As of today, all > three version of moodle on the tree are up to day: 3.9.9, 3.10.6, 3.11.2. I see, maybe you're confused because 3.9.9 < 3.10.4. Not really. 3.9.9 has the security fix cited in this bug. (In reply to Anthony Basile from comment #14) > (In reply to Anthony Basile from comment #13) > > (In reply to John Helmert III from comment #12) > > > (In reply to Anthony Basile from comment #11) > > > > (In reply to John Helmert III from comment #3) > > > > > Ping. > > > > > > > > Sorry that was cleaned up a while ago even though I didn't respond here. > > > > > > What about 3.9.x? > > > > Three branches of moodle are supported (with security). As of today, all > > three version of moodle on the tree are up to day: 3.9.9, 3.10.6, 3.11.2. > > I see, maybe you're confused because 3.9.9 < 3.10.4. Not really. 3.9.9 > has the security fix cited in this bug. Yeah, that was it. Works for me, thanks! All unstable so no GLSA. All done. |