An XSS flaw was reported in the phpCAS library [1], where it would not properly sanitize the submitted URL before displaying it on the error page. This could allow an attacker to insert scripts or other malicious content on the error page. Both Moodle and glpi embed the phpCAS library. The Moodle developers are currently testing the upstream patch for regressions [2] (the bug is currently private). The upstream bug report has a patch to correct this issue attached.

References:
[1] http://www.ja-sig.org/issues/browse/PHPCAS-52
[2] http://tracker.moodle.org/browse/MDL-21802
glpi-0.72.4-2.svn11035.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/glpi-0.72.4-2.svn11035.el5
glpi-0.72.4-2.svn11035.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/glpi-0.72.4-2.svn11035.fc11
glpi-0.72.4-2.svn11035.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/glpi-0.72.4-2.svn11035.fc12
glpi-0.72.4-2.svn11035.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/glpi-0.72.4-2.svn11035.fc13
glpi-0.72.4-2.svn11035.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
glpi-0.72.4-2.svn11035.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
glpi-0.72.4-2.svn11035.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
glpi-0.72.4-2.svn11035.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
I'd really love to patch Moodle, but my Moodle Jira login lacks the requisite permissions. I've emailed their Jira admins for assistance.
moodle-1.9.8-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/moodle-1.9.8-1.fc11
moodle-1.9.8-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/moodle-1.9.8-1.fc12
moodle-1.9.8-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/moodle-1.9.8-1.fc13
moodle-1.9.8-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.9.8-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.9.8-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.