MSA-19-0012: Private files uploaded via incoming mail processing could bypass quota restrictions

by Michael Hawkins.  

The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.


...
Severity/Risk:Minor
Versions affected:3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed:3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by:Guillermo Leon
Leer más...



MSA-19-0008: Secure layout contained an insecure link in Boost theme

by Michael Hawkins.  

There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.


...
Severity/Risk:Minor
Versions affected:3.6 to 3.6.2 and 3.5 to 3.5.4
Versions fixed:3.6.3 and 3.5.5
Reported by:Martin von Löwis and Luca Bösch
CVE identifier:CVE-2019-3851
Changes (master):http://git.moodle.
Leer más...