Red Hat Bugzilla – Bug 220041
CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
Last modified: 2007-11-30 17:11:51 EST
Reported against 1.6.1 but an upstream patch which I suppose fixes this is not
applied in 1.6.3:
Reported against 1.5, too little information available at the moment to say
whether this is an issue with 1.6.3.
All FC4+ distro releases are equally affected (or not).
The patch that fixes CVE-2006-6625 is present in 1.6.5, which is being released
for FC 5 and FC 6, and it is also present in 1.8.0, which is being released for
FC 7. CVE-2006-6626 was also patched in some release prior to those two, so
both are fixed in the next release.