Your message dated Thu, 09 Apr 2009 17:10:59 +0000
with message-id <[email protected]>
and subject line Bug#514284: fixed in moodle 1.6.3-2+etch2
has caused the Debian Bug report #514284,
regarding moodle: New releases fot 1.6.x fixes security problems
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
514284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514284
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: moodle
Version: 1.6.3-2+etch1
Severity: normal
New releases: Moodle 1.9.4, 1.8.8, 1.7.7 and 1.6.9
by Martin Dougiamas - Thursday, February 5, 2009, 03:48 PM
Hi!
We released some new versions of Moodle last week: full details
about them are on the sparkly new Moodle download page.
As usual these point releases wrap up a good number of small
fixes and enhancements, including a brand-new security report
from Petr Skoda that helps admins discover and correct insecure
settings (note that a small performance issue affecting some
users has already been fixed since 1.9.4 so get the latest
weekly if you can)
Most importantly, there are also fixes for all the security
vulnerabilities reported on the Moodle Tracker over the past few
months (thanks to all those who reported them!). Full details of
these security fixes are, as usual, disclosed on our security
page. (Note that administrators of registered Moodle sites were
already informed about these releases a week ago as per our
normal release process). To keep your sites safe all you need to
do is upgrade your Moodle sites as soon as you can! If you would
like to discuss any of the disclosed vulnerabilities or general
techniques to improve the security of your own site, please come
to our Security and Privacy forum.
It's also worth mentioning that Moodle 1.6.9 and Moodle 1.7.7
mark the last builds that the core team plan to release from
those branches (unless someone else volunteers to maintain them)
due to the amount of work involved. In short, please upgrade to
later versions! smile
In the meantime, we are also pushing ahead rapidly with the
Moodle 2.0 roadmap and a number of enhancements for Moodle 1.9.5
... some exciting things lie ahead!
Cheers,
Martin
P.S. Did I mention you really should upgrade your Moodle sites?
smile
http://moodle.org/mod/forum/discuss.php?d=115616
-- Sestem Information:
Debian Release: 4.0
APT prefers stable
APT policy: (900, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US, LC_CTYPE= (charmap=ISO-8859-1)
Versions of packages moodle depends on:
ii apache [httpd] 1.3.34-4.1+etch1 versatile, high-performance HTTP s
ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy
ii libapache-mod-php5 5.2.0-8+etch13 server-side, HTML-embedded scripti
ii mimetex 1.50-1 LaTeX math expressions to anti-ali
ii php5-cli 5.2.0-8+etch13 command-line interpreter for the p
ii php5-gd 5.2.0-8+etch13 GD module for php5
ii php5-mysql 5.2.0-8+etch13 MySQL module for php5
ii ucf 2.0020 Update Configuration File: preserv
ii wwwconfig-common 0.0.48 Debian web auto configuration
Versions of packages moodle recommends:
ii mysql-server-5.0 [mysql-se 5.0.32-7etch8 mysql database server binaries
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.6.3-2+etch2
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.6.3-2+etch2.diff.gz
to pool/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz
moodle_1.6.3-2+etch2.dsc
to pool/main/m/moodle/moodle_1.6.3-2+etch2.dsc
moodle_1.6.3-2+etch2_all.deb
to pool/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dan Poltawski <[email protected]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 31 Jan 2009 22:13:59 +0000
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch2
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team <[email protected]>
Changed-By: Dan Poltawski <[email protected]>
Description:
moodle - Course Management System for Online Learning
Closes: 514284
Changes:
moodle (1.6.3-2+etch2) stable-security; urgency=high
.
* Security update based on Moodle 1.6.9 (closes: #514284)
- Fix XSS vulnerabilities in "login as" in HTML block (CVE-2009-0502)
- Remove unusused htmlarea plugin (CVE-2008-5153)
- Fix XSS vulnerabilities in log display (CVE-2009-0500)
Files:
b86fd980d09fc1f54744962d765a17d7 793 web optional moodle_1.6.3-2+etch2.dsc
60b9bf677040fbd71e7951deaa8b91d7 25398 web optional
moodle_1.6.3-2+etch2.diff.gz
7a90893e954672f33e129aa4d7ca5aa3 6582298 web optional
moodle_1.6.3-2+etch2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJk5qJScUZKBnQNIYRAgxCAJ9rfXiUXGrVwuwhRAw/3OL0RcHJvACgiafR
v7N0GxjUVYKx1HrkNtcpp8w=
=vp8Z
-----END PGP SIGNATURE-----
--- End Message ---