Your message dated Thu, 16 Jul 2015 15:40:16 +0000
with message-id <[email protected]>
and subject line Bug#792242: fixed in moodle 2.7.9+dfsg-1
has caused the Debian Bug report #792242,
regarding moodle: CVE-2015-3272 CVE-2015-3274 CVE-2015-3275
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
792242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792242
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: moodle
Version: 2.7.8+dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for moodle.
CVE-2015-3272[0]:
Possible phishing when redirecting to external site using referer header
CVE-2015-3274[1]:
Possible XSS through custom text profile fields in Web Services
CVE-2015-3275[2]:
Javascript injection in SCORM module
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3272
[1] https://security-tracker.debian.org/tracker/CVE-2015-3274
[2] https://security-tracker.debian.org/tracker/CVE-2015-3275
[3] http://www.openwall.com/lists/oss-security/2015/07/13/2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 2.7.9+dfsg-1
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joost van Baal-Ilić <[email protected]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 16 Jul 2015 15:44:09 +0200
Source: moodle
Binary: moodle
Architecture: source all
Version: 2.7.9+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <[email protected]>
Changed-By: Joost van Baal-Ilić <[email protected]>
Description:
moodle - course management system for online learning
Closes: 792242
Changes:
moodle (2.7.9+dfsg-1) unstable; urgency=high
.
* New upstream security release, released July 6, 2015. Note that the upstream
2.7 branch is now supported for security fixes only until May 2017 (LTS).
Security issues fixed:
- MSA-15-0026 Possible phishing when redirecting to external site using
referer header, Reported by Totara, MDL-50688, CVE-2015-3272
- MSA-15-0028 Possible XSS through custom text profile fields in Web
Services, Reported by Marina Glancy, MDL-50130, CVE-2015-3274
- MSA-15-0029 Javascript injection in SCORM module, Reported by Martin
Greenaway, MDL-50614, CVE-2015-3275
See http://www.openwall.com/lists/oss-security/2015/07/13/2 for more details
on these fixed security issues. Some other fixes and improvements:
MDL-50380 - Fixed missing parameter error when editing files in wiki;
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional
access is used; MDL-50275 - Added missing version bump after risk bitmap
change in MDL-49941. See the Moodle 2.7.9 release notes at
https://docs.moodle.org/dev/Moodle_2.7.9_release_notes for more details.
Thanks Salvatore Bonaccorso. Closes: #792242
* debian/changelog: fix line length: max 80 columns.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---