Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: moodle AssignedTo: imlinux@gmail.com ReportedBy: ville.skytta@iki.fi QAContact: extras-qa@fedoraproject.org CC: extras-qa@fedoraproject.org,fedora-security- list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6625 Reported against 1.6.1 but an upstream patch which I suppose fixes this is not applied in 1.6.3: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?r1=1.6...
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6626 Reported against 1.5, too little information available at the moment to say whether this is an issue with 1.6.3.
All FC4+ distro releases are equally affected (or not).
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041
imlinux@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041
bugzilla@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium
ville.skytta@iki.fi changed:
What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|imlinux@gmail.com |Jerry.James@usu.edu
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041
Jerry.James@usu.edu changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |NEXTRELEASE
------- Additional Comments From Jerry.James@usu.edu 2007-04-15 18:19 EST ------- The patch that fixes CVE-2006-6625 is present in 1.6.5, which is being released for FC 5 and FC 6, and it is also present in 1.8.0, which is being released for FC 7. CVE-2006-6626 was also patched in some release prior to those two, so both are fixed in the next release.
security@lists.fedoraproject.org