Candidate: CVE-2012-6099
PublicDate: 2013-01-27 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6099
 http://www.openwall.com/lists/oss-security/2013/01/21
 https://moodle.org/security/
Description:
 The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle
 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x
 before 2.4.1 does not properly validate pathnames, which allows remote
 authenticated users to read arbitrary files by leveraging the
 backup-restoration feature.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Dan Poltawski
Assigned-to:
CVSS:

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
upstream_moodle: released (2.4.1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
oneiric_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.2-1)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: not-affected (2.5.4-1ubuntu1)
vivid_moodle: not-affected (2.5.4-1ubuntu1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.4-1ubuntu1)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: not-affected (2.5.4-1ubuntu1)
zesty_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)