[moodle/el5] Patch for CVE-2012-6098, CVE-2012-6100.
Jon Ciesla
limb at fedoraproject.org
Wed Jan 23 17:40:25 UTC 2013
commit 267b8b9ee315db444cf76c53fa88712e80eda0cd
Author: Jon Ciesla <limburgher at gmail.com>
Date: Wed Jan 23 11:37:29 2013 -0600
Patch for CVE-2012-6098, CVE-2012-6100.
moodle-CVE-2012-6098-6100.patch | 24 ++++++++++++++++++++++++
moodle.spec | 7 ++++++-
2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/moodle-CVE-2012-6098-6100.patch b/moodle-CVE-2012-6098-6100.patch
new file mode 100644
index 0000000..a0fff50
--- /dev/null
+++ b/moodle-CVE-2012-6098-6100.patch
@@ -0,0 +1,24 @@
+diff -U3 -r moodle.orig/course/report/outline/index.php moodle/course/report/outline/index.php
+--- moodle.orig/course/report/outline/index.php 2008-12-03 11:15:39.000000000 -0600
++++ moodle/course/report/outline/index.php 2013-01-23 11:29:21.596121656 -0600
+@@ -20,7 +20,7 @@
+ $showlastaccess = true;
+ $hiddenfields = explode(',', $CFG->hiddenuserfields);
+
+- if (array_search('lastaccess', $hiddenfields) and !has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
++ if (array_search('lastaccess', $hiddenfields) !== false and !has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
+ $showlastaccess = false;
+ }
+
+diff -U3 -r moodle.orig/grade/edit/outcome/edit_form.php moodle/grade/edit/outcome/edit_form.php
+--- moodle.orig/grade/edit/outcome/edit_form.php 2010-05-13 19:03:35.000000000 -0500
++++ moodle/grade/edit/outcome/edit_form.php 2013-01-23 11:30:19.100120373 -0600
+@@ -115,7 +115,7 @@
+ if (empty($courseid)) {
+ $mform->hardFreeze('standard');
+
+- } else if (empty($outcome->courseid) and !has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) {
++ } else if (!has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) {
+ $mform->hardFreeze('standard');
+
+ } else if ($coursecount and empty($outcome->courseid)) {
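Review bot: The restriction on the `standard` field in grade/edit/outcome/edit_form.php is applied only through `hardFreeze('standard')` in the form, and the code that saves the outcome is not part of this patch. It is worth confirming that the save path also requires `moodle/grade:manage` at system context before an outcome is stored as standard, rather than depending on form state alone. In course/report/outline/index.php the added `!== false` correctly handles `lastaccess` being the first entry (index 0), but `in_array('lastaccess', $hiddenfields, true)` would state the membership test directly and keep the truthiness idiom from recurring. Both inner hunks show only part of their enclosing blocks, so any other truthiness tests on `array_search()` against `$CFG->hiddenuserfields` elsewhere in the tree would need a separate check. A short header in the patch file naming which CVE each file change addresses would also help later audits.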
diff --git a/moodle.spec b/moodle.spec
index 804346a..6f12f2c 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -8,7 +8,7 @@
Name: moodle
Version: 1.9.19
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A Course Management System
Group: Applications/Publishing
@@ -108,6 +108,7 @@ Patch1: moodle-1.9.4-CVE-2009-1171-1.patch
#Patch2: moodle-1.9.4-CVE-2009-1171-2.patch
#Patch3: moodle-1.9.9-htmlpurifier-4.1.1.patch
Patch4: moodle-1.9.19-CVE-2012-4408.patch
+Patch5: moodle-CVE-2012-6098-6100.patch
BuildRequires: unzip
Requires: php-gd vixie-cron mimetex perl(lib) php-mysql php-xmlrpc
@@ -1563,6 +1564,7 @@ sed -i 's/\r//' mod/wiki/ewiki/README.de
#%patch2 -p0
#%patch3 -p0
%patch4 -p0
+%patch5 -p1
%build
rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
@@ -1806,6 +1808,9 @@ fi
%exclude %{moodlewebdir}/COPYING.txt
%changelog
+* Mon Oct 29 2012 Jon Ciesla <limburgher at gmail.com> - 1.9.19-5
+- Fix for CVE-2012-6098, CVE-2012-6100, BZ 903264.
+
* Mon Oct 29 2012 Jon Ciesla <limburgher at gmail.com> - 1.9.19-4
- Requires fix.