CVE-2010-1616

Name	CVE-2010-1616
Description	Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DSA-2115-1
NVD severity	medium (attack range: remote)
Debian/oldstable	not vulnerable.
Debian/stable	not known to be vulnerable.
Debian/testing	not known to be vulnerable.
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
moodle (PTS)	squeeze	1.9.9.dfsg2-2.1+squeeze4	fixed
	squeeze (security)	1.9.9.dfsg2-2.1+squeeze3	fixed
	sid	2.7.5+dfsg-2	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
moodle	source	(unstable)	1.9.8-1	medium
moodle	source	lenny	1.8.13-1	medium	DSA-2115-1