Moodle upstream has released v1.9.9 and v1.8.13: http://docs.moodle.org/en/Moodle_1.9.9_release_notes http://docs.moodle.org/en/Moodle_1.8.13_release_notes Which address the following issues: * MSA-10-0010 Persistent Cross Site Scripting vulnerability in the MNET access control interface * MSA-10-0011 Cross Site Scripting vulnerability in blog/index.php * MSA-10-0012 KSES Security Filter Bypassing vulnerability * MSA-10-0013 Potential Cross Site Scripting vulnerability in Quiz reports These would affect Fedora (currently 1.9.8) and EPEL (currently 1.8.12).
CVE request here: http://www.openwall.com/lists/oss-security/2010/06/18/4
Created moodle tracking bugs for this issue Affects: fedora-all [bug 605810]
Following CVE identifiers has been assigned to these issues: (http://www.openwall.com/lists/oss-security/2010/06/21/2) * MSA-10-0010 Persistent Cross Site Scripting vulnerability in the MNET access control interface => CVE-2010-2228 * MSA-10-0011 Cross Site Scripting vulnerability in blog/index.php => CVE-2010-2229 * MSA-10-0012 KSES Security Filter Bypassing vulnerability => CVE-2010-2230 * MSA-10-0013 Potential Cross Site Scripting vulnerability in Quiz reports => CVE-2010-2231
moodle-1.9.9-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/moodle-1.9.9-1.fc11
moodle-1.8.13-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/moodle-1.8.13-1.el5
moodle-1.8.13-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/moodle-1.8.13-1.el4
moodle-1.9.9-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/moodle-1.9.9-1.fc12
moodle-1.9.9-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/moodle-1.9.9-1.fc13
moodle-1.9.9-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.9.9-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.9.9-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.8.13-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.8.13-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.