stable

moodle-2.4.7-1.el6

FEDORA-EPEL-2013-12102 created by limb 10 years ago for Fedora EPEL 6

Latest upstreams, multiple security fixes.

Name: CVE-2013-6780 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780 Assigned: 20131112 Reference: https://yuilibrary.com/support/20131111-vulnerability/

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

Name: CVE-2013-3630 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630 [Open">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630">Open URL] Assigned: 20130521 Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one [Open">https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one">Open URL] Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats [Open">https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats">Open URL]

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

This update has been submitted for testing by limb.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by limb.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
BZ#1025655 CVE-2013-3630 moodle: authenticated remote command execution [fedora-all]
0
0
BZ#1025656 CVE-2013-3630 moodle: authenticated remote command execution [epel-all]
0
0
BZ#1030084 CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-5]
0
0
BZ#1030085 CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-18]
0
0

Automated Test Results