This bug was fixed in the package moodle - 1.9.9.dfsg2-2 --------------- moodle (1.9.9.dfsg2-2) unstable; urgency=low
* Added Romanian translation * Updated Japanese translation (closes: #596820) * Backporting security fixes from Moodle 1.9.10 (closes: #601384) - Updated embedded CAS to 1.1.3 - Added patch for MDL-24523: clean_text() not filtering text in markdown format - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0 - Added patch for MDL-24258: students can delete their forum posts later than $CFG->maxeditingtime under certain conditions - Added patch for MDL-23377: Can't delete quiz attempts in course without enrolled students moodle (1.9.9.dfsg2-1) unstable; urgency=low * Enable HTML purifier by default * Added Janapenese translation (closes: #593808) * Removed from source swf files without a source code and added README.source * Updated bundled HTML purifier library - fix for CVE-2010-2479 (closes: #593301) moodle (1.9.9.dfsg-1) unstable; urgency=low [ Jonathan Wiltshire ] * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #588871 * Debconf translation updates: - Russian (closes: #589247) - Czech (closes: #589265) - Swedish (closes: #589270) - French (closes: #589510) - German (closes: #590120) - Spanish (closes: #590449) - Portugese (closes: #590556) [ Tomasz Muras ] * New debconf translation - Polish * Removed .swf files as non-free (closes: #591201) * Fixed generation of config.php for postgres (thanks Giles Westwood) moodle (1.9.9-2) unstable; urgency=low * Fixed JS includes for YUI library (closes: #589612) * Bumped standards version to 3.9.0 * Moved BSD licenses into copyright (fixes lintian warning) * Setting DM-Upload-Allowed as agreed with Xavier Oswald <xosw...@debian.org> moodle (1.9.9-1) unstable; urgency=low * Rewritten debian/rules * Removed unnecessary usr/share/moodle/update-notifier * New Upstream Version: 1.9.9 * New upstream fixes CVE-2010-1619 (closes: #585425) * New upstream fixes MSA-10-0011 (closes: #586280) moodle (1.9.8-1) unstable; urgency=low [Tomasz Muras] * New Maintainer (closes: #581229, #574969). * New Upstream Version (closes: #475535). * Added information about flvplayer to copyright (closes: #526543). * phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757). * Several security issues fixed in upstream (closes: #576189). * Moodle depends on postgresql or MySQL (closes: #551399). * Re-written to use dbconfig-common (closes: #302205). * Updated copyright with two new entires (closes: #526543). * Drop use of wwwconfig (closes: #389502). * Package is now not creating Apache config automatically (closes: #555672). It's up to the user to configure the webserver but package provides the templates. * Added "allow from localhost" (closes: #551402). * Asking for wwwroot during the installation (closes: #302207). * Removing nusoap as it's not necessary for PHP 5 (closes: #529573). [Xavier Oswald] * Add myself as uploader. * Bump Stadards-Version to 3.8.4. * debian/copyright: update with DEP-5 format proposal. * Switch to dpkg-source 3.0 (quilt) format [Francois Marier] * Bump debhelper compatibility to 7 * Add a watch file * debian/control (dependencies) - Depend on libjs-yui instead of yui (renamed after lenny) - Add dependency on unzip - Recommend php5-xmlrpc and aspell - Suggest clamav - Demoted mimetex to recommended * Turn 'dbpersist' on by default in the generated config.php * Include whitespace warning at the end of generated config.php * Set the path to du, unzip and zip * Fix a warning with E_STRICT is turned on -- Felix Geyer <debfx-...@fobos.de> Sat, 30 Oct 2010 12:19:28 +0100 ** Changed in: moodle (Ubuntu) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1619 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2479 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/640572 Title: Please Merge Moodle 1.9.4 in Maverick with Debian Unstable 1.9.9 - active security vulnerability -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs