moodle-2.4.10-1.el6 security update
|Release:||Fedora EPEL 6|
|Date Submitted:||2014-05-21 12:27:50|
|Date Released:||2014-05-24 17:06:40|
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:
CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment CVE-2014-0216 MSA-14-0017: File access issue in HTML block CVE-2014-0217 MSA-14-0018: Information leak in courses CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository
For a full summary and patch links, refer to the following:
http://seclists.org/oss-sec/2014/q2/329Bugs Fixed1099766 - CVE-2014-0218: CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]bodhi - 2014-05-21 12:28:13This update has been submitted for testing by limb.
bodhi - 2014-05-24 16:22:59This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2014-05-24 18:00:32This update has been pushed to testing
bodhi - 2014-06-07 22:38:12This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2014-06-09 11:39:13This update has been submitted for stable by limb.
bodhi - 2014-06-09 13:48:09This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2014-06-09 15:35:56This update has been pushed to stable