From 15d445e6d84937bb48552a3379b87f3646c2fbe4 Mon Sep 17 00:00:00 2001
From: Dhananjay Arunesh <darunesh@redhat.com>
Date: Wed, 18 Mar 2020 17:11:52 +0530
Subject: [PATCH 1/3] CVE-2019-14884 update

---
 2019/14xxx/CVE-2019-14884.json | 82 ++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 2019/14xxx/CVE-2019-14884.json

diff --git a/2019/14xxx/CVE-2019-14884.json b/2019/14xxx/CVE-2019-14884.json
new file mode 100644
index 00000000000..eb515211139
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14884.json
@@ -0,0 +1,82 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-14884",
+        "ASSIGNER": "darunesh@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "moodle",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.7.3"
+                                        },
+                                        {
+                                            "version_value": "3.6.7"
+                                        },
+                                        {
+                                            "version_value": "3.5.9"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14884",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14884",
+                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://moodle.org/mod/forum/discuss.php?d=393587#p1586751",
+                "url": "https://moodle.org/mod/forum/discuss.php?d=393587#p1586751"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A vulnerability was found in Moodle through 3.7 to 3.7.2 before 3.73, 3.6 to 3.6.6 before 3.6.7 and 3.5 to 3.5.8 before 3.5.9, where a reflected XSS possible from some fatal error messages."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
+}

From 6b2437f8d3ee0d135324e932d6a6623866aa92f0 Mon Sep 17 00:00:00 2001
From: Dhananjay Arunesh <darunesh@redhat.com>
Date: Wed, 18 Mar 2020 17:26:56 +0530
Subject: [PATCH 2/3] CVE-2019-14884 update

---
 2019/14xxx/CVE-2019-14884.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2019/14xxx/CVE-2019-14884.json b/2019/14xxx/CVE-2019-14884.json
index eb515211139..8c42f85acb2 100644
--- a/2019/14xxx/CVE-2019-14884.json
+++ b/2019/14xxx/CVE-2019-14884.json
@@ -65,7 +65,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A vulnerability was found in Moodle through 3.7 to 3.7.2 before 3.73, 3.6 to 3.6.6 before 3.6.7 and 3.5 to 3.5.8 before 3.5.9, where a reflected XSS possible from some fatal error messages."
+                "value": "A vulnerability was found in Moodle through versions 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages."
             }
         ]
     },

From c328959823029de68c9692edccc98b77e150d546 Mon Sep 17 00:00:00 2001
From: Dhananjay Arunesh <darunesh@redhat.com>
Date: Wed, 18 Mar 2020 17:45:18 +0530
Subject: [PATCH 3/3] CVE-2019-14884 update

---
 2019/14xxx/.CVE-2019-14886.json.swp | Bin 0 -> 12288 bytes
 2019/14xxx/CVE-2019-14884.json      |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 2019/14xxx/.CVE-2019-14886.json.swp

diff --git a/2019/14xxx/.CVE-2019-14886.json.swp b/2019/14xxx/.CVE-2019-14886.json.swp
new file mode 100644
index 0000000000000000000000000000000000000000..361660e4046ddee054b11b0b3dc306065d794a58
GIT binary patch
literal 12288
zcmeI2?`s@I7{@14wYIhveWkwHZdDMI+x)mT=|QNM80%>-*1IGML65oJxw{R!JL}AD
zk~366@J0Usp{VbazVHXW5uxB4K`4kXe52?eprF3-bw%+zcei(YzhZ(S6lURbb2HB~
z&ph*;-I)v7>hwmTXe?xA39eIwd~#B}QuH4o-#mJRI8?*|lMQ9s?-I;u&?sYbe?Kom
zUQYsA_BQie8CkQ_Gv}?D?C$QawY;%1rK(di*@cC3nJvkK{iA8CRzNFoI0a6Sx!IX%
z)#r?P+IZmp^}}`7-dX{zfL1^&pcT*xXa%$aS^=%VZLL5QPLMY+gF8C2D0a$;fwEK8
zg;qc-pcT*xXa%$aS^=$qRzNGD70?Q31+)UUp#sz)WbFtcAKZ!L@&Eti@BhE<BjjiB
zHTV=<1G}II=D;L)7~BnhJxRz9;6rc~R6rj5d4iB{!8;%Xzuim7m*8E{1e+iao&XPm
z<6r{ZI!?$>;3l{Mu7NkfCYS~ffurEoF+zR^zku(+4e$}z00jJa5Ap|JfV1EfxO$Y3
zJ@6{n0_$KNJPwY5&+a1RI(QGf4c-D0Fi-}6K&S7)SKxE-F}Mzte(wW)X$7<bT7myk
zfh)wo)&5l9UMA`@x%z9Wwda}msM6eKLb^OKbA~yWnKnt<n0$wm9dS{Pgd5bAXEt*V
zuV$6YIdrk|8@W|0znr^dT`u8cy^t$e<=ncZS_&YaTQw(#;_mgeY<6p=y)7liXt$WI
zA5uF)z3qRc7pQ-R!?QEDsTVVqZQj_9y?_Z?bv-v~8aq@PH690!;RZ%EmM&grlT$Ve
zB0;@L16J8^!;rP?qT%>c^O>`m8H1vSXoR#=pEPzFOfZ85Hh170QYm-1aHK)eDj`@q
z0uzF|70K*aVDyU3gNW@$8Dp){=?hVfSi-r+MXR4`h+yqSbfvLGB|Dd$Gy)zW6E&)6
zh7p#|pkAFLbi+sPNRb9jLol0TWt#@CsYo&%%jU7?7#^dJ5pgxJNDWkFYH+q2awL=)
zz8y@Dwr>H3qPH08PU)?v=`d*vx0PMRp%KL@bk;LvLF3^UHK2ZLO&d`Z%A94@1&>3S
zsdHZUn0ndJf{3wiU5F#U;xosM{YB<e*LzGgNFEEDE!H@Xm^gFVmvw8a8v0YQq;+P^
zXTx&5Q@i+FY2BLUFNJ=oY%jf#e|Cflg4NowFbT6*C@&9aq4Y3g;VJX~n(DYEQ3<6U
z9#vJB**B5p=U1ODl!_zfJ1BcKuD|Ab9?kUL^0Z`w?^IyO*md`U>n!%ayLkYC{&mpQ
z9f*11*$iwpaQ}7N)gE)`+pmAmX-hb6XKl&b-Gi22#EY!w$Ly~y*YOWlGEQ%LNlW@c
z!+bVLVo+tz-3$e<dd!cS;h-KV%P2wmx7Fe4_uG@vN4F~LaD=3fD#!Ory#CokdG0?-
z5=)f_i<k6B4$De+Sv#kvRQv4Gz)5o8gJk%5O9mV)drLZKN!Pn+_HDgskHPOrkM1on
z=#Z|fyUB^|sFG|7gA*U|sHgjnpF}tEzKJJZW0S>f0*8xkekB~O&(LT@TK%ac{f0*G
z7`g+Rv{u6}qLEvOSzgPpt-#g1yuNg)u-sc*GhZ$jF0QVWlo3A%sK-R~WN!ma<!2V2
zQcfdxP}SPn)Ns7DPS*A$OqF#d^=mGRUvur#pl!mr=tBgAEf&^FD}6S#F?0q*`yTll
DanHol

literal 0
HcmV?d00001

diff --git a/2019/14xxx/CVE-2019-14884.json b/2019/14xxx/CVE-2019-14884.json
index 8c42f85acb2..c10b56b822d 100644
--- a/2019/14xxx/CVE-2019-14884.json
+++ b/2019/14xxx/CVE-2019-14884.json
@@ -65,7 +65,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A vulnerability was found in Moodle through versions 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages."
+                "value": "A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages."
             }
         ]
     },