Red Hat Bugzilla – Bug 902731
CVE-2012-6100 moodle: Information leak through activity report (MSA-13-0004)
Last modified: 2015-08-22 11:37:10 EDT
A security flaw was found in the way Moodle, a course management system, enforced hidden field requirement on the last access item of the Activity report. When a last access item was requested to be hidden, it was still displayed in the Activity Report.
Relevant upstream patch:
This issue did NOT affect the versions of the moodle package, as shipped with Fedora release of 16, 17, 18, and Fedora EPEL 6 (those moodle package versions are already updated and contain the fix).
This issue affects the version of the moodle package, as shipped with Fedora EPEL 5 (relevant source code part where patch is applicable is: rpmbuild/BUILD/moodle/course/report/outline/index.php around line #18).
Created moodle tracking bugs for this issue
Affects: epel-5 [bug 903264]