Your message dated Thu, 09 Apr 2009 17:10:59 +0000
with message-id <[email protected]>
and subject line Bug#514284: fixed in moodle 1.6.3-2+etch2
has caused the Debian Bug report #514284,
regarding moodle: New releases fot 1.6.x fixes security problems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
514284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514284
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: moodle
Version: 1.6.3-2+etch1
Severity: normal

New releases: Moodle 1.9.4, 1.8.8, 1.7.7 and 1.6.9
by Martin Dougiamas - Thursday, February 5, 2009, 03:48 PM
        
        Hi!

        We released some new versions of Moodle last week: full details
        about them are on the sparkly new Moodle download page.

        As usual these point releases wrap up a good number of small
        fixes and enhancements, including a brand-new security report
        from Petr Skoda that helps admins discover and correct insecure
        settings (note that a small performance issue affecting some
        users has already been fixed since 1.9.4 so get the latest
        weekly if you can)

        Most importantly, there are also fixes for all the security
        vulnerabilities reported on the Moodle Tracker over the past few
        months (thanks to all those who reported them!). Full details of
        these security fixes are, as usual, disclosed on our security
        page. (Note that administrators of registered Moodle sites were
        already informed about these releases a week ago as per our
        normal release process). To keep your sites safe all you need to
        do is upgrade your Moodle sites as soon as you can! If you would
        like to discuss any of the disclosed vulnerabilities or general
        techniques to improve the security of your own site, please come
        to our Security and Privacy forum.

        It's also worth mentioning that Moodle 1.6.9 and Moodle 1.7.7
        mark the last builds that the core team plan to release from
        those branches (unless someone else volunteers to maintain them)
        due to the amount of work involved. In short, please upgrade to
        later versions! smile

        In the meantime, we are also pushing ahead rapidly with the
        Moodle 2.0 roadmap and a number of enhancements for Moodle 1.9.5
        ... some exciting things lie ahead!

        Cheers,
        Martin

        P.S. Did I mention you really should upgrade your Moodle sites?
        smile
http://moodle.org/mod/forum/discuss.php?d=115616

-- Sestem Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US, LC_CTYPE= (charmap=ISO-8859-1)

Versions of packages moodle depends on:
ii  apache [httpd]          1.3.34-4.1+etch1 versatile, high-performance HTTP s
ii  debconf [debconf-2.0]   1.5.11etch2      Debian configuration management sy
ii  libapache-mod-php5      5.2.0-8+etch13   server-side, HTML-embedded scripti
ii  mimetex                 1.50-1           LaTeX math expressions to anti-ali
ii  php5-cli                5.2.0-8+etch13   command-line interpreter for the p
ii  php5-gd                 5.2.0-8+etch13   GD module for php5
ii  php5-mysql              5.2.0-8+etch13   MySQL module for php5
ii  ucf                     2.0020           Update Configuration File: preserv
ii  wwwconfig-common        0.0.48           Debian web auto configuration

Versions of packages moodle recommends:
ii  mysql-server-5.0 [mysql-se 5.0.32-7etch8 mysql database server binaries

-- debconf-show failed



--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.6.3-2+etch2

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:

moodle_1.6.3-2+etch2.diff.gz
  to pool/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz
moodle_1.6.3-2+etch2.dsc
  to pool/main/m/moodle/moodle_1.6.3-2+etch2.dsc
moodle_1.6.3-2+etch2_all.deb
  to pool/main/m/moodle/moodle_1.6.3-2+etch2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dan Poltawski <[email protected]> (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 31 Jan 2009 22:13:59 +0000
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch2
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team <[email protected]>
Changed-By: Dan Poltawski <[email protected]>
Description: 
 moodle     - Course Management System for Online Learning
Closes: 514284
Changes: 
 moodle (1.6.3-2+etch2) stable-security; urgency=high
 .
   * Security update based on Moodle 1.6.9 (closes: #514284)
     - Fix XSS vulnerabilities in "login as" in HTML block (CVE-2009-0502)
     - Remove unusused htmlarea plugin (CVE-2008-5153)
     - Fix XSS vulnerabilities in log display (CVE-2009-0500)
Files: 
 b86fd980d09fc1f54744962d765a17d7 793 web optional moodle_1.6.3-2+etch2.dsc
 60b9bf677040fbd71e7951deaa8b91d7 25398 web optional 
moodle_1.6.3-2+etch2.diff.gz
 7a90893e954672f33e129aa4d7ca5aa3 6582298 web optional 
moodle_1.6.3-2+etch2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJk5qJScUZKBnQNIYRAgxCAJ9rfXiUXGrVwuwhRAw/3OL0RcHJvACgiafR
v7N0GxjUVYKx1HrkNtcpp8w=
=vp8Z
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to