[Bug 322961] Re: merge moodle 1.8.2.dfsg-23
Jordan Mantha
jordan.mantha at gmail.com
Tue Feb 10 18:36:46 UTC 2009
Dan,
Thanks for taking on the Debian packaging, that's really awesome. I see you're using git for the Debian packaging, do you have a mailing list where I can contact you guys? I'd like to talk about perhaps getting some better Debian/Ubuntu collaboration going with moodle, especially concerning changes we've made, embedded libraries, and security coordination.
-Jordan
** Summary changed:
- merge moodle 1.8.2.dfsg-2
+ merge moodle 1.8.2.dfsg-23
** Description changed:
Binary package hint: moodle
- The latest moodle is needed in Jaunty to close various security bugs.
+ The latest moodle is needed in Jaunty to close various security bugs. Relevant changelog entries:
+ moodle (1.8.2.dfsg-3) unstable; urgency=high
+
+ * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
+ (MSA-09-0005, CVE-2008-5153)
+ * Hide images of deleted users (MSA-09-0001)
+ * Fix user pix disclosure (MSA-09-0002)
+ * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
+ * Fix XSS vulnerabilities in logs (MSA-09-0007)
+ * Fix CSRF vulnerability in forum code (MSA-09-0008)
+
+ -- Francois Marier <francois at debian.org> Mon, 02 Feb 2009 19:09:10
+ +1300
+
+ moodle (1.8.2.dfsg-2) unstable; urgency=high
+
+ [ Dan Poltawski ]
+ * Patch SQL injection bug in hotpot module (MSA-08-0010)
+ * Fix XSS bug in logged urls (MDL-11414)
+ * Fix XSS bug in install script (MSA-08-0004)
+ * Fix insufficient access control in Login as feature (MSA-08-0003)
+ * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
+ * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
+ * Fix CSRF in messaging settings (MSA-08-0023)
+ * Fix anonymous group creation and html injection (MDL-11759)
+ * Fix SQL injection bug in mnet (MDL-9288)
+ * Fix SQL injection bug in restore (MDL-11857)
+ * Insufficient cleaning of essay questions (MDL-12079)
+ * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
+ * Fix XSS bug in logged urls (MDL-11414)
+ * Fix uncleaned params in wiki (MDL-14806)
+
+ [ Francois Marier ]
+ * Update html2text to prevent code execution attacks (closes: #508909)
+
+ -- Francois Marier <francois at debian.org> Wed, 17 Dec 2008 13:37:10
+ +1300
+
+ moodle (1.8.2.dfsg-1) unstable; urgency=high
+
+ * Replace html2text with a GPL alternative (closes: #507947)
+ * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
+ * Add Dan Poltawski to the uploaders field
+
+ -- Francois Marier <francois at debian.org> Tue, 16 Dec 2008 20:24:27
+ +1300
** Summary changed:
- merge moodle 1.8.2.dfsg-23
+ merge moodle 1.8.2.dfsg-3
** Changed in: moodle (Ubuntu)
Importance: Medium => High
Assignee: Oliver Grawert (ogra) => Jordan Mantha (laserjock)
Status: Confirmed => In Progress
Target: jaunty-alpha-4 => jaunty-alpha-5
--
merge moodle 1.8.2.dfsg-3
https://bugs.launchpad.net/bugs/322961