Debian Security Advisory
DSA-2262-1 moodle -- several vulnerabilities
- Date Reported:
- 15 Jun 2011
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:
Cross-site request forgery vulnerability in RSS block
Cross-site scripting vulnerability in tag autocomplete
IMS enterprise enrolment file may disclose sensitive information
Multiple cross-site scripting problems in media filter
Cross Site Scripting through URL encoding
Group/Quiz permissions issue
For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-3.
We recommend that you upgrade your moodle packages.