Name | CVE-2009-1171 |
Description | The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-1761-1 |
Debian Bugs | 522116 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
moodle | source | etch | 1.6.3-2+etch3 | DSA-1761-1 | ||
moodle | source | lenny | 1.8.2.dfsg-3+lenny2 | DSA-1761-1 | ||
moodle | source | (unstable) | 1.8.2.dfsg-5 | medium | 522116 |
this applies only to people who have a complete tex environment and
aren't just using mimetex to render the tex