Package: moodle Version: 1.6.3-2 Severity: grave Tags: security Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for moodle. CVE-2008-5432[1]: > Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before > 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to > inject arbitrary web script or HTML via a Wiki page name (aka page title). If you fix the vulnerability please also make sure to include the CVE id in the changelog entry. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5432 http://security-tracker.debian.net/tracker/CVE-2008-5432 Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.