Document multiple security advisories for Moodle

Security: CVE-2016-2151 Security: CVE-2016-2152 Security: CVE-2016-2153 Security: CVE-2016-2154 Security: CVE-2016-2155 Security: CVE-2016-2156 Security: CVE-2016-2157 Security: CVE-2016-2158 Security: CVE-2016-2159 Security: CVE-2016-2190 Security: https://vuxml.FreeBSD.org/freebsd/a430e15d-f93f-11e5-92ce-002590263bf5.html
svn path=/head/; revision=412441
2016-04-03 02:11:52 +00:00 · 2016-04-03 02:11:52 +00:00 · dffec6cc8d · 2021-03-31 03:12:20 +00:00
commit dffec6cc8d
parent 3324d4936d
1 changed files with 64 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,70 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a430e15d-f93f-11e5-92ce-002590263bf5">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle28</name>
+	<range><lt>2.8.11</lt></range>
+      </package>
+      <package>
+	<name>moodle29</name>
+	<range><lt>2.9.5</lt></range>
+      </package>
+      <package>
+	<name>moodle30</name>
+	<range><lt>3.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Marina Glancy reports:</p>
+	<blockquote cite="https://moodle.org/security/">
+	  <ul>
+	    <li><p>MSA-16-0003: Incorrect capability check when displaying
+	    users emails in Participants list</p></li>
+	    <li><p>MSA-16-0004: XSS from profile fields from external db</p>
+	    </li>
+	    <li><p>MSA-16-0005: Reflected XSS in mod_data advanced search</p>
+	    </li>
+	    <li><p>MSA-16-0006: Hidden courses are shown to students in Event
+	    Monitor</p></li>
+	    <li><p>MSA-16-0007: Non-Editing Instructor role can edit exclude
+	    checkbox in Single View</p></li>
+	    <li><p>MSA-16-0008: External function get_calendar_events return
+	    events that pertains to hidden activities</p></li>
+	    <li><p>MSA-16-0009: CSRF in Assignment plugin management page</p>
+	    </li>
+	    <li><p>MSA-16-0010: Enumeration of category details possible without
+	    authentication</p></li>
+	    <li><p>MSA-16-0011: Add no referrer to links with _blank target
+	    attribute</p></li>
+	    <li><p>MSA-16-0012: External function mod_assign_save_submission
+	    does not check due dates</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2151</cvename>
+      <cvename>CVE-2016-2152</cvename>
+      <cvename>CVE-2016-2153</cvename>
+      <cvename>CVE-2016-2154</cvename>
+      <cvename>CVE-2016-2155</cvename>
+      <cvename>CVE-2016-2156</cvename>
+      <cvename>CVE-2016-2157</cvename>
+      <cvename>CVE-2016-2158</cvename>
+      <cvename>CVE-2016-2190</cvename>
+      <cvename>CVE-2016-2159</cvename>
+      <url>https://moodle.org/security/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-21</discovery>
+      <entry>2016-04-03</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="297117ba-f92d-11e5-92ce-002590263bf5">
    <topic>squid -- multiple vulnerabilities</topic>
    <affects>