Candidate: CVE-2014-0216
PublicDate: 2014-05-27 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0216
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
 https://moodle.org/mod/forum/discuss.php?d=260364
 http://openwall.com/lists/oss-security/2014/05/19/1
Description:
 The My Home implementation in the block_html_pluginfile function in
 blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x
 before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file
 access, which allows remote attackers to obtain sensitive information by
 visiting an HTML block.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.6.3-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.5+dfsg-1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.7.5+dfsg-1)
cosmic_moodle: not-affected (2.7.5+dfsg-1)
disco_moodle: not-affected (2.7.5+dfsg-1)
devel_moodle: not-affected (2.7.5+dfsg-1)