Date: Sat, 18 Mar 2017 02:15:27 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r436376 - head/security/vuxml Message-ID: <201703180215.v2I2FRp6067870@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Sat Mar 18 02:15:26 2017 New Revision: 436376 URL: https://svnweb.freebsd.org/changeset/ports/436376 Log: Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004) and March releases (details not yet released). Security: CVE-2017-2576 Security: CVE-2017-2578 Security: CVE-2016-10045 Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Mar 18 01:52:58 2017 (r436375) +++ head/security/vuxml/vuln.xml Sat Mar 18 02:15:26 2017 (r436376) @@ -58,6 +58,98 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="df45b4bd-0b7f-11e7-970f-002590263bf5"> + <topic>moodle -- multiple vulnerabilities</topic> + <affects> + <package> + <name>moodle29</name> + <range><le>2.9.9</le></range> + </package> + <package> + <name>moodle30</name> + <range><lt>3.0.9</lt></range> + </package> + <package> + <name>moodle31</name> + <range><lt>3.1.5</lt></range> + </package> + <package> + <name>moodle32</name> + <range><lt>3.2.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Marina Glancy reports:</p> + <blockquote cite="https://moodle.org/news/#p1408104">; + <p>In addition to a number of bug fixes and small improvements, + security vulnerabilities have been discovered and fixed. We highly + recommend that you upgrade your sites as soon as possible. + Upgrading should be very straightforward. As per our usual policy, + admins of all registered Moodle sites will be notified of security + issue details directly via email and we'll publish details more + widely in a week.</p> + </blockquote> + </body> + </description> + <references> + <url>https://moodle.org/news/#p1408104</url>; + </references> + <dates> + <discovery>2017-03-13</discovery> + <entry>2017-03-18</entry> + </dates> + </vuln> + + <vuln vid="f72d98d1-0b7e-11e7-970f-002590263bf5"> + <topic>moodle -- multiple vulnerabilities</topic> + <affects> + <package> + <name>moodle29</name> + <range><le>2.9.9</le></range> + </package> + <package> + <name>moodle30</name> + <range><lt>3.0.8</lt></range> + </package> + <package> + <name>moodle31</name> + <range><lt>3.1.4</lt></range> + </package> + <package> + <name>moodle32</name> + <range><lt>3.2.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Marina Glancy reports:</p> + <blockquote cite="https://moodle.org/security/">; + <ul> + <li><p>MSA-17-0001: System file inclusion when adding own preset + file in Boost theme</p></li> + <li><p>MSA-17-0002: Incorrect sanitation of attributes in forums + </p></li> + <li><p>MSA-17-0003: PHPMailer vulnerability in no-reply address + </p></li> + <li><p>MSA-17-0004: XSS in assignment submission page</p></li> + </ul> + <p>.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-2576</cvename> + <cvename>CVE-2017-2578</cvename> + <cvename>CVE-2016-10045</cvename> + <url>https://moodle.org/security/</url>; + </references> + <dates> + <discovery>2017-01-17</discovery> + <entry>2017-03-18</entry> + </dates> + </vuln> + <vuln vid="2730c668-0b1c-11e7-8d52-6cf0497db129"> <topic>drupal8 -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703180215.v2I2FRp6067870>