On Wednesday 19 March 2008 18:45, Christian Perrier wrote: > So, would an NMU *not* covering the security issue interfere with a > security update ? > > Again, I'd be happy to do the ecurity update but I need a patch. I > tried to have a look at the issue but it requires skills I don't have.
You would not interfere with any work from our (security team) point of view. Moodle does not use the code of this specific vulnerability so no patch is needed. The bug itself stays open until the embedded smarty code has been removed, because a next smarty bug could of course affect moodle. Thijs
pgpH93BDLIMua.pgp
Description: PGP signature
