On Thursday 24 August 2006 02:10, Jason L Tibbitts III wrote:
> >>>>> "TM" == Till Maas <opensource@xxxxxxxxx> writes:
>
> TM> Aloa, I just noticed that moodle is not up-to-date and misses
> TM> security fixes, see:
>
> TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844
>
> There's not a whole lot of information in that bug report.
>
> I see CVE-2006-3951 as being related to this. Is there something
> else? Do you have a link to the moodle release information that might
> supply more details?

The link to the release information is in the URL-Field of the bug report but I added it as a comment because it is easy to overlook - I needed to search for it though I knew it was there ;-)

Here is the information:

Changelog: http://docs.moodle.org/en/Release_Notes#Various_fixes

----9<----
Moodle 1.5.4
21st May, 2006

(Because this release contains important security fixes, we highly advise that sites using any previous version of Moodle upgrade to this version as soon as possible.)

Various fixes

Security
    Improved kses cleaning of html SC#204
    Prevent unwanted password change here SC#225
    Fix for Secunia Advisory SA18267, plus some logging of suspicious activity.
    AdoDB tests cleanup after Secunia Advisory SA18267
    Fixed $cfg->forceloginforprofiles logic SC#207. Backported from HEAD
---->8----

I did not look into the details.

Regards,
Till
-- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list