Several cross-site scripting and information disclosure issues have
been fixed in Moodle, a course management system for online learning:
Continue links in error messages can lead offsite
reCAPTCHA images were being authenticated from an older
server
Group names in user upload CSV not escaped
Fields in user upload CSV not escaped
Forms API constant issue
MNET SSL validation issue
Messaging refresh vulnerability
Course section editing injection vulnerability
Database injection protection strengthened
For the stable distribution (squeeze), this problem has been fixed in
version 1.9.9.dfsg2-2.1+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 1.9.9.dfsg2-4.
We recommend that you upgrade your moodle packages.
CPE | Name | Operator | Version |
---|---|---|---|
moodle | eq | 1.9.9.dfsg2-2.1 | |
moodle | eq | 1.9.9.dfsg2-2.1+squeeze1 |