moodle not up-to-date, missing security fixes
Till Maas
opensource at till.name
Thu Aug 24 00:22:58 UTC 2006
On Thursday 24 August 2006 02:10, Jason L Tibbitts III wrote:
> >>>>> "TM" == Till Maas <opensource at till.name> writes:
>
> TM> Aloa, I just noticed that moodle is not up-to-date and misses
> TM> security fixes, see:
>
> TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844
>
> There's not a whole lot of information in that bug report.
>
> I see CVE-2006-3951 as being related to this. Is there something
> else? Do you have a link to the moodle release information that might
> supply more details?

The link to the release information is in the URL-Field of the bug report but
I added it as a comment because it is easy to overlook - I needed to search
for it though I knew it was there ;-)

Here is the information:

Changelog:
http://docs.moodle.org/en/Release_Notes#Various_fixes

----9<----
Moodle 1.5.4
21st May, 2006

(Because this release contains important security fixes, we highly advise that
sites using any previous version of Moodle upgrade to this version as soon as
possible.)

Various fixes

Security
  * Improved kses cleaning of html SC#204
  * Prevent unwanted password change here SC#225
  * Fix for Secunia Advisory SA18267, plus some logging of suspicious activity.
  * AdoDB tests cleanup after Secunia Advisory SA18267
  * Fixed $cfg->forceloginforprofiles logic SC#207. Backported from HEAD
---->8----

I did not look into the details.

Regards,
Till