On Fri, February 13, 2015 16:10, Joost van Baal-IliÄ wrote: >> CVE-2014-4172 > > php-cas problem, fixed in Debian's php-cas 1.3.3-1 and 1.3.1-4+deb7u1. > Moodle ships with unchanged phpCAS 1.3.3, see > moodle-2.7.5+dfsg/auth/cas/CAS/moodle_readme.txt Moodle can likely use the > Debian-maintained php-cas package. I'll try & test that.
Probably, yes. It wasn't possible earlier because the versions were different, that has now been solved. >> CVE-2013-3630 > > https://tracker.moodle.org/browse/MDL-41449 > > I'll apply for a Jira account later... :-/ I can read it. The issue is still unfixed and under embargo. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
