{ "schema_version": "1.7.0", "id": "MGASA-2015-0302", "published": "2015-08-03T20:55:18Z", "modified": "2015-08-03T20:40:41Z", "summary": "Updated moodle package fixes security vulnerabilities", "details": "In Moodle before 2.8.7, phishing is possible when redirecting to external\nsite using referer headers in error messages (CVE-2015-3272).\n\nIn Moodle before 2.8.7, several web services returning user information\ndid not clean text in text custom profile fields, leading to possible XSS\n(CVE-2015-3274).\n\nIn Moodle before 2.8.7, possible Javascript injection was discovered in\nthe SCORM module (CVE-2015-3275).\n\nAs Moodle 2.6 is no longer supported, users of this package on Mageia 4\nare advised to migrate to Mageia 5.\n", "upstream": [ "CVE-2015-3272", "CVE-2015-3274", "CVE-2015-3275" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0302.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=16374" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=316662" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=316664" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=316665" }, { "type": "WEB", "url": "https://docs.moodle.org/dev/Moodle_2.8.7_release_notes" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=316289" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "moodle", "purl": "pkg:rpm/mageia/moodle?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.8.7-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }