Candidate: CVE-2012-6087
PublicDate: 2013-09-16 13:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6087
 https://github.com/tpyo/amazon-s3-php-class/pull/36
Description:
 repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11,
 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not
 verify that the server hostname matches a domain name in the subject's
 Common Name (CN) or subjectAltName field of the X.509 certificate, which
 allows man-in-the-middle attackers to spoof SSL servers via an arbitrary
 valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.5.2)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
oneiric_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)