Source: moodle Version: 2.7.8+dfsg-1 Severity: important Tags: security upstream fixed-upstream
Hi, the following vulnerabilities were published for moodle. CVE-2015-3272[0]: Possible phishing when redirecting to external site using referer header CVE-2015-3274[1]: Possible XSS through custom text profile fields in Web Services CVE-2015-3275[2]: Javascript injection in SCORM module If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3272 [1] https://security-tracker.debian.org/tracker/CVE-2015-3274 [2] https://security-tracker.debian.org/tracker/CVE-2015-3275 [3] http://www.openwall.com/lists/oss-security/2015/07/13/2 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
