Your message dated Sun, 08 Jan 2006 09:33:31 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#346509: fixed in moodle 1.5.3+20060108-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 8 Jan 2006 15:44:48 +0000 >From [EMAIL PROTECTED] Sun Jan 08 07:44:48 2006 Return-path: <[EMAIL PROTECTED]> Received: from mx.eteo.mondragon.edu ([193.146.78.131]) by spohr.debian.org with esmtp (Exim 4.50) id 1Evciu-0000sq-Ia for [EMAIL PROTECTED]; Sun, 08 Jan 2006 07:44:48 -0800 Received: by mx.eteo.mondragon.edu (Postfix, from userid 0) id 080BCB6A3; Sun, 8 Jan 2006 16:44:43 +0100 (CET) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 From: Inaki Arenaza <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: moodle: AdoDB security bug, as distributed with Moodle X-Mailer: reportbug 3.8 Date: Sun, 08 Jan 2006 16:44:43 +0100 Message-Id: <[EMAIL PROTECTED]> Content-Transfer-Encoding: quoted-printable Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: moodle Version: 1.5.3-1 Severity: grave Justification: user security hole There is a know security bug in the AdoDB libraries distributed as part of Moodle, in the 1.5.x series at least. This has been fixed in the 1.5.3+ release as of 2006.01.06, as can be seen here: http://security.moodle.org/mod/forum/discuss.php?d=3D210 Saludos. I=F1aki. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.11.10 Locale: LANG=3DC, LC_CTYPE=3DC (charmap=3DANSI_X3.4-1968) Versions of packages moodle depends on: ii apache [httpd] 1.3.33-6sarge1 versatile, high-performance = HTTP s ii debconf [debconf-2.0] 1.4.30.13 Debian configuration managem= ent sy ii mimetex 1.50-1 LaTeX math expressions to an= ti-ali ii php4 4:4.3.10-16 server-side, HTML-embedded s= cripti ii php4-gd 4:4.3.10-16 GD module for php4 ii php4-mysql 4:4.3.10-16 MySQL module for php4 ii wget 1.9.1-12 retrieves files from the web ii wwwconfig-common 0.0.43 Debian web auto configuratio= n -- debconf information excluded --------------------------------------- Received: (at 346509-close) by bugs.debian.org; 8 Jan 2006 17:41:16 +0000 >From [EMAIL PROTECTED] Sun Jan 08 09:41:16 2006 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EveQ7-0001Bv-Id; Sun, 08 Jan 2006 09:33:31 -0800 From: Isaac Clerencia <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.65 $ Subject: Bug#346509: fixed in moodle 1.5.3+20060108-1 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Sun, 08 Jan 2006 09:33:31 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 3 Source: moodle Source-Version: 1.5.3+20060108-1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.5.3+20060108-1.diff.gz to pool/main/m/moodle/moodle_1.5.3+20060108-1.diff.gz moodle_1.5.3+20060108-1.dsc to pool/main/m/moodle/moodle_1.5.3+20060108-1.dsc moodle_1.5.3+20060108-1_all.deb to pool/main/m/moodle/moodle_1.5.3+20060108-1_all.deb moodle_1.5.3+20060108.orig.tar.gz to pool/main/m/moodle/moodle_1.5.3+20060108.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Isaac Clerencia <[EMAIL PROTECTED]> (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 8 Jan 2006 17:09:57 +0100 Source: moodle Binary: moodle Architecture: source all Version: 1.5.3+20060108-1 Distribution: unstable Urgency: low Maintainer: Isaac Clerencia <[EMAIL PROTECTED]> Changed-By: Isaac Clerencia <[EMAIL PROTECTED]> Description: moodle - Course Management System for Online Learning Closes: 342304 345930 346509 Changes: moodle (1.5.3+20060108-1) unstable; urgency=low . * New package created from 1.5.3+ branch, which closes: #346509, a security bug in the ADODB code included in Moodle * Check for /usr/share/moodle/admin/cron.php existence in the cronjob, closes: #342304 * Use php4-cli instead of wget to run the cronjob, closes: #345930 Files: 42a7a158d386b47ebbec8eba9f606c7b 660 web optional moodle_1.5.3+20060108-1.dsc 1c9a633b7f18d6e78f57c2c091e64e8b 14987969 web optional moodle_1.5.3+20060108.orig.tar.gz 58ba6e218482efa66021f133e2a82eb2 11971 web optional moodle_1.5.3+20060108-1.diff.gz 31b2ac554503fb07af962afef0f0e959 14178582 web optional moodle_1.5.3+20060108-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Signed by Isaac Clerencia <[EMAIL PROTECTED]> iD4DBQFDwTv7QET2GFTmct4RAlAzAJ4pvSwVgnsjmAmYVYeL5xUKEFu9GACXZN1W vH5LW3DUS0B5oM+zhCNQ2w== =mGcp -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]