[ubuntu/jaunty] moodle 1.9.4.dfsg-0ubuntu1 (Accepted)

Jordan Mantha laserjock at ubuntu.com
Thu Feb 26 01:40:30 GMT 2009


moodle (1.9.4.dfsg-0ubuntu1) jaunty; urgency=low

  * Merge with Debian git (Closes LP: #322961, #239481, #334611):
    - use Ubuntu's smarty lib directory for linking
    - use internal yui library
    - add update-notifier support back in

  [Matt Oquist]
    * renamed prerm script
    * significantly rewrote postinst and other maintainer scripts to improve
      user experience and package maintainability
      (Closes LP: #225662, #325450, #327843, #303078, #234609)

moodle (1.9.4.dfsg-1) UNRELEASED; urgency=low

  * New Upstream Version (closes: #475535, #514284, #515823)
    (added notes/ and tag/ to debian/install)
  * Merge with Ubuntu:
    - drop use of wwwconfig (closes: #389502, #302205)
    - debian/postinst: ucf fixes (fixes a hang)

  * Remove preinst (no more direct upgrades from sarge)
  * Remove PHP4 support from the Apache config file we provide
  * Drop support for apache 1.x and remove from debconf
  * Add swedish debconf translation (closes: #511202)

  * Bump debhelper compatibility to 7
  * Add lintian overrides for known customised libraries
  * Add new license files to delete (lintian warning)
  * Compress the deb with bzip2
  * Add a watch file
  * Update copyright file

  Dependencies:
  * Depend on libjs-yui instead of yui (renamed after lenny)
  * Add dependency on unzip
  * Recommend php5-xmlrpc and aspell
  * Suggest clamav
  * Demoted mimetex to recommended

  Generated config:
  * Turn 'dbpersist' on by default in the generated config.php
  * Include whitespace warning at the end of generated config.php
  * Set the path to du, unzip and zip

moodle (1.8.2.dfsg-4) unstable; urgency=high

  * Improve the fix for log URL filtering as suggested by Steffen Joeris
    (MSA-09-0007 / CVE-2009-0500)
  * Backport upstream fix for calendar export leakage
    (MSA-09-0006 / CVE-2009-0501)

moodle (1.8.2.dfsg-3) unstable; urgency=high

  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
    (MSA-09-0005, CVE-2008-5153)
  * Hide images of deleted users (MSA-09-0001)
  * Fix user pix disclosure (MSA-09-0002)
  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
  * Fix XSS vulnerabilities in logs (MSA-09-0007)
  * Fix CSRF vulnerability in forum code (MSA-09-0008)

moodle (1.8.2.dfsg-2) unstable; urgency=high

  [ Dan Poltawski ]
  * Patch SQL injection bug in hotpot module (MSA-08-0010)
  * Fix XSS bug in logged urls (MDL-11414)
  * Fix XSS bug in install script (MSA-08-0004)
  * Fix insufficient access control in Login as feature (MSA-08-0003)
  * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
  * Deficiency in text cleaning functions allowed for XSS (MSA-08-0021)
  * Fix CSRF in messaging settings (MSA-08-0023)
  * Fix anonymous group creation and html injection (MDL-11759)
  * Fix SQL injection bug in mnet (MDL-9288)
  * Fix SQL injection bug in restore (MDL-11857)
  * Insufficient cleaning of essay questions (MDL-12079)
  * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
  * Fix XSS bug in logged urls (MDL-11414)
  * Fix uncleaned params in wiki (MDL-14806)

  [ Francois Marier ]
  * Update html2text to prevent code execution attacks (closes: #508909)

moodle (1.8.2.dfsg-1) unstable; urgency=high

  * Replace html2text with a GPL alternative (closes: #507947)
  * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
  * Add Dan Poltawski to the uploaders field

moodle (1.8.2-2) unstable; urgency=high

  * Adopt orphaned package (closes: #494642)
  * Acknowledge security NMU (closes: #489533, #432264)
  * Add Vcs-* fields to debian/control

  Release-critical and security bugs:

  * Depend on smarty instead of using the embedded copy that is shipped
    with Moodle (closes: #471158, #488525, #504345)
  * Patch security bug in the embedded (and customised) copy of phpmailer
    (CVE-2007-3215, closes: #429339, #429190)
  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)

  Trivial bug fixes:

  * Depend on zip (closes: #408995)
  * Add mysql-client as an alternative to postgresql-client
    (closes: #417554, #469094)
  * Recommend php5-ldap (closes: #425839)
  * Delete unnecessary script with bashisms (closes: #489634)

  Lintian warnings:

  * Bump Standards-Version to 3.8.0
  * Add homepage field to debian/control
  * Remove cvsignore file
  * Remove extra license file
  * Depend on yui instead of using an embedded copy

moodle (1.8.2-1.3) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix broken HTML filtering which could be used to perform XSS attacks,
    bypass restrictions or possibly execute arbitrary code
    (CVE-2008-1502; Closes: #489533).

Date: Wed, 25 Feb 2009 15:16:22 -0800
Changed-By: Jordan Mantha <laserjock at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jordan Mantha <jordan.mantha at gmail.com>
https://launchpad.net/ubuntu/jaunty/+source/moodle/1.9.4.dfsg-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 25 Feb 2009 15:16:22 -0800
Source: moodle
Binary: moodle
Architecture: source
Version: 1.9.4.dfsg-0ubuntu1
Distribution: jaunty
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jordan Mantha <laserjock at ubuntu.com>
Description: 
 moodle     - Course Management System for Online Learning
Closes: 302205 389502 408995 417554 425839 429190 429339 432264 469094 471158 475535 488525 489533 489533 489634 492492 494642 496069 504235 504345 507947 508593 508909 511202 514284 515823
Launchpad-Bugs-Fixed: 225662 234609 239481 303078 322961 325450 327843 334611
Original-Maintainer: Moodle Packaging Team <moodle-packaging at catalyst.net.nz>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkml7/QACgkQ3mtKw5J0KzMiXgCeKKrN0Ue4VI7nxoDosrd+q71G
dw8AoJN2wVtGdzrK4F5mH8Zj/tpLMK7H
=0rds
-----END PGP SIGNATURE-----

