MSA-19-0017: Upgrade TCPDF library for PHP 7.3 and bug fixes (upstream)

by Michael Hawkins.  

The third party TCPDF library used by Moodle required updating to patch bug fixes, including a security fix (see CVE for more details).


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Dan Marsden
CVE identifier:CVE-2018-1705
Register to read more...

MSA-19-0016: Assignment group overrides did not observe separate groups mode

by Michael Hawkins.  

Teachers in an assignment group could modify group overrides for other groups in the same assignment.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:David MonllaĆ³
CVE identifier:CVE-2019-10189
Changes (master):http://git.moo
Register to read more...

MSA-19-0015: Quiz group overrides did not observe groups membership or accessallgroups

by Michael Hawkins.  

Teachers in a quiz group could modify group overrides for other groups in the same quiz.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Charl Nel
CVE identifier:CVE-2019-10188
Changes (master):http://git.moodle.org/gw?p=mood
Register to read more...

MSA-19-0014: Ability to delete glossary entries that belong to another glossary

by Michael Hawkins.  

Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Peter Dias
CVE identifier:CVE-2019
Register to read more...