[moodle/el5] Patch for CVE-2012-6098, CVE-2012-6100.

Jon Ciesla limb at fedoraproject.org
Wed Jan 23 17:40:25 UTC 2013


commit 267b8b9ee315db444cf76c53fa88712e80eda0cd
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Wed Jan 23 11:37:29 2013 -0600

    Patch for CVE-2012-6098, CVE-2012-6100.

 moodle-CVE-2012-6098-6100.patch |   24 ++++++++++++++++++++++++
 moodle.spec                     |    7 ++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/moodle-CVE-2012-6098-6100.patch b/moodle-CVE-2012-6098-6100.patch
new file mode 100644
index 0000000..a0fff50
--- /dev/null
+++ b/moodle-CVE-2012-6098-6100.patch
@@ -0,0 +1,24 @@
+diff -U3 -r moodle.orig/course/report/outline/index.php moodle/course/report/outline/index.php
+--- moodle.orig/course/report/outline/index.php	2008-12-03 11:15:39.000000000 -0600
++++ moodle/course/report/outline/index.php	2013-01-23 11:29:21.596121656 -0600
+@@ -20,7 +20,7 @@
+     $showlastaccess = true;
+     $hiddenfields = explode(',', $CFG->hiddenuserfields);
+ 
+-    if (array_search('lastaccess', $hiddenfields) and !has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
++    if (array_search('lastaccess', $hiddenfields) !== false and !has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
+         $showlastaccess = false;
+     }
+ 
+diff -U3 -r moodle.orig/grade/edit/outcome/edit_form.php moodle/grade/edit/outcome/edit_form.php
+--- moodle.orig/grade/edit/outcome/edit_form.php	2010-05-13 19:03:35.000000000 -0500
++++ moodle/grade/edit/outcome/edit_form.php	2013-01-23 11:30:19.100120373 -0600
+@@ -115,7 +115,7 @@
+             if (empty($courseid)) {
+                 $mform->hardFreeze('standard');
+ 
+-            } else if (empty($outcome->courseid) and !has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) {
++            } else if (!has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) {
+                 $mform->hardFreeze('standard');
+ 
+             } else if ($coursecount and empty($outcome->courseid)) {
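Review bot: The change in grade/edit/outcome/edit_form.php tightens only the form definition: `$mform->hardFreeze('standard')` now applies to every user without `moodle/grade:manage` at system context, but the code that saves the submitted outcome is outside this patch. It is worth confirming that the save path also ignores or rejects a posted `standard` value for those users, rather than relying on the frozen form element alone. In course/report/outline/index.php, `array_search('lastaccess', $hiddenfields) !== false` correctly handles a match at index 0; `in_array('lastaccess', $hiddenfields)` would state the intent more directly and avoid the same truthiness trap in future edits. The patch file would also benefit from a short header comment recording which of CVE-2012-6098 and CVE-2012-6100 each file change addresses, since the commit message does not say. Both enclosing blocks start and end outside the embedded hunks.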
diff --git a/moodle.spec b/moodle.spec
index 804346a..6f12f2c 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -8,7 +8,7 @@
 
 Name:           moodle
 Version:        1.9.19
-Release:       	4%{?dist}
+Release:       	5%{?dist}
 Summary:        A Course Management System
 
 Group:          Applications/Publishing
@@ -108,6 +108,7 @@ Patch1:		moodle-1.9.4-CVE-2009-1171-1.patch
 #Patch2:		moodle-1.9.4-CVE-2009-1171-2.patch
 #Patch3:		moodle-1.9.9-htmlpurifier-4.1.1.patch
 Patch4:         moodle-1.9.19-CVE-2012-4408.patch
+Patch5:         moodle-CVE-2012-6098-6100.patch
 
 BuildRequires:  unzip
 Requires:       php-gd vixie-cron mimetex perl(lib) php-mysql php-xmlrpc
@@ -1563,6 +1564,7 @@ sed -i 's/\r//' mod/wiki/ewiki/README.de
 #%patch2 -p0
 #%patch3 -p0
 %patch4 -p0
+%patch5 -p1
 
 %build
 rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
@@ -1806,6 +1808,9 @@ fi
 %exclude %{moodlewebdir}/COPYING.txt
 
 %changelog
+* Mon Oct 29 2012 Jon Ciesla <limburgher at gmail.com> - 1.9.19-5
+- Fix for CVE-2012-6098, CVE-2012-6100, BZ 903264.
+
 * Mon Oct 29 2012 Jon Ciesla <limburgher at gmail.com> - 1.9.19-4
 - Requires fix.
 

