Attachment #158943 for bug #201675

View | Details | Raw Unified | Return to bug 201675 | Differences between
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="43891162-2d5e-11e5-a4a5-002590263bf5">
    <topic>moodle -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>moodle27</name>
	<range><lt>2.7.9</lt></range>
      </package>
      <package>
	<name>moodle28</name>
	<range><lt>2.8.7</lt></range>
      </package>
      <package>
	<name>moodle29</name>
	<range><lt>2.9.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marina Glancy reports:</p>
	<blockquote cite="http://seclists.org/oss-sec/2015/q3/94">
	  <p>MSA-15-0026: Possible phishing when redirecting to external site
	    using referer header. (CVE-2015-3272)</p>
	  <p>MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not
	    respected when using 'Post a copy to all groups' in forum
	    (CVE-2015-3273)</p>
	  <p>MSA-15-0028: Possible XSS through custom text profile fields in Web
	    Services (CVE-2015-3274)</p>
	  <p>MSA-15-0029: Javascript injection in SCORM module (CVE-2015-3275)
	    </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-3272</cvename>
      <cvename>CVE-2015-3273</cvename>
      <cvename>CVE-2015-3274</cvename>
      <cvename>CVE-2015-3275</cvename>
      <mlist>http://seclists.org/oss-sec/2015/q3/94</mlist>
      <url>https://docs.moodle.org/dev/Moodle_2.7.9_release_notes</url>
      <url>https://docs.moodle.org/dev/Moodle_2.8.7_release_notes</url>
      <url>https://docs.moodle.org/dev/Moodle_2.7.9_release_notes</url>
    </references>
    <dates>
      <discovery>2015-07-06</discovery>
      <entry>2015-07-18</entry>
    </dates>
  </vuln>

  <vuln vid="29083f8e-2ca8-11e5-86ff-14dae9d210b8">
    <topic>apache22 -- chunk header parsing defect</topic>
    <affects>

Return to bug 201675

Lines 58-63 Link Here

(-)vuln.xml (+48 lines)
58		58
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="43891162-2d5e-11e5-a4a5-002590263bf5">
		62	<topic>moodle -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>moodle27</name>
		66	<range><lt>2.7.9</lt></range>
		67	</package>
		68	<package>
		69	<name>moodle28</name>
		70	<range><lt>2.8.7</lt></range>
		71	</package>
		72	<package>
		73	<name>moodle29</name>
		74	<range><lt>2.9.1</lt></range>
		75	</package>
		76	</affects>
		77	<description>
		78	<body xmlns="http://www.w3.org/1999/xhtml">
		79	<p>Marina Glancy reports:</p>
		80	<blockquote cite="http://seclists.org/oss-sec/2015/q3/94">
		81	<p>MSA-15-0026: Possible phishing when redirecting to external site
		82	using referer header. (CVE-2015-3272)</p>
		83	<p>MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not
		84	respected when using 'Post a copy to all groups' in forum
		85	(CVE-2015-3273)</p>
		86	<p>MSA-15-0028: Possible XSS through custom text profile fields in Web
		87	Services (CVE-2015-3274)</p>
		88	<p>MSA-15-0029: Javascript injection in SCORM module (CVE-2015-3275)
		89	</p>
		90	</blockquote>
		91	</body>
		92	</description>
		93	<references>
		94	<cvename>CVE-2015-3272</cvename>
		95	<cvename>CVE-2015-3273</cvename>
		96	<cvename>CVE-2015-3274</cvename>
		97	<cvename>CVE-2015-3275</cvename>
		98	<mlist>http://seclists.org/oss-sec/2015/q3/94</mlist>
		99	<url>https://docs.moodle.org/dev/Moodle_2.7.9_release_notes</url>
		100	<url>https://docs.moodle.org/dev/Moodle_2.8.7_release_notes</url>
		101	<url>https://docs.moodle.org/dev/Moodle_2.7.9_release_notes</url>
		102	</references>
		103	<dates>
		104	<discovery>2015-07-06</discovery>
		105	<entry>2015-07-18</entry>
		106	</dates>
		107	</vuln>
		108
61	<vuln vid="29083f8e-2ca8-11e5-86ff-14dae9d210b8">	109	<vuln vid="29083f8e-2ca8-11e5-86ff-14dae9d210b8">
62	<topic>apache22 -- chunk header parsing defect</topic>	110	<topic>apache22 -- chunk header parsing defect</topic>
63	<affects>	111	<affects>