Bug 220041 (CVE-2006-6626) - CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2006-6626
Product: Fedora
Classification: Fedora
Component: moodle
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jerry James
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2006-12-18 16:33 UTC by Ville Skyttä
Modified: 2007-11-30 22:11 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-04-15 22:19:17 UTC
Type: ---
Embargoed:



Description Ville Skyttä 2006-12-18 16:33:22 UTC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6625
Reported against 1.6.1 but an upstream patch which I suppose fixes this is not
applied in 1.6.3:
http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?r1=1.65.2.9&r2=1.65.2.10

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6626
Reported against 1.5, too little information available at the moment to say
whether this is an issue with 1.6.3.

All FC4+ distro releases are equally affected (or not).

Comment 1 Jerry James 2007-04-15 22:19:17 UTC
The patch that fixes CVE-2006-6625 is present in 1.6.5, which is being released
for FC 5 and FC 6, and it is also present in 1.8.0, which is being released for
FC 7.  CVE-2006-6626 was also patched in some release prior to those two, so
both are fixed in the next release.

