Dan, Thanks for taking on the Debian packaging, that's really awesome. I see you're using git for the Debian packaging, do you have a mailing list I can contact you guys? I'd like to talk about perhaps getting some better Debian/Ubuntu collaboration going with moodle, especially concerning changes we've made, embedded libraries, and security coordination.
-Jordan

** Summary changed:

- merge moodle 1.8.2.dfsg-2
+ merge moodle 1.8.2.dfsg-23

** Description changed:

  Binary package hint: moodle

- The latest moodle is needed in Jaunty to close various security bugs.
+ The latest moodle is needed in Jaunty to close various security bugs. Relevant changelog entries:
+ moodle (1.8.2.dfsg-3) unstable; urgency=high
+
+ * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
+ (MSA-09-0005, CVE-2008-5153)
+ * Hide images of deleted users (MSA-09-0001)
+ * Fix user pix disclosure (MSA-09-0002)
+ * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
+ * Fix XSS vulnerabilities in logs (MSA-09-0007)
+ * Fix CSRF vulnerability in forum code (MSA-09-0008)
+
+ -- Francois Marier <franc...@debian.org> Mon, 02 Feb 2009 19:09:10
+ +1300
+
+ moodle (1.8.2.dfsg-2) unstable; urgency=high
+
+ [ Dan Poltawski ]
+ * Patch SQL injection bug in hotpot module (MSA-08-0010)
+ * Fix XSS bug in logged urls (MDL-11414)
+ * Fix XSS bug in install script (MSA-08-0004)
+ * Fix insufficient access control in Login as feature (MSA-08-0003)
+ * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
+ * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
+ * Fix CSRF in messaging settings (MSA-08-0023)
+ * Fix anonymous group creation and html injection (MDL-11759)
+ * Fix SQL injection bug in mnet (MDL-9288)
+ * Fix SQL injection bug in restore (MDL-11857)
+ * Insufficient cleaning of essay questions (MDL-12079)
+ * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
+ * Fix XSS bug in logged urls (MDL-11414)
+ * Fix uncleaned params in wiki (MDL-14806)
+
+ [ Francois Marier ]
+ * Update html2text to prevent code execution attacks (closes: #508909)
+
+ -- Francois Marier <franc...@debian.org> Wed, 17 Dec 2008 13:37:10
+ +1300
+
+ moodle (1.8.2.dfsg-1) unstable; urgency=high
+
+ * Replace html2text with a GPL alternative (closes: #507947)
+ * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
+ * Add Dan Poltawski to the uploaders field
+
+ -- Francois Marier <franc...@debian.org> Tue, 16 Dec 2008 20:24:27
+ +1300

** Summary changed:

- merge moodle 1.8.2.dfsg-23
+ merge moodle 1.8.2.dfsg-3

** Changed in: moodle (Ubuntu)
   Importance: Medium => High
     Assignee: Oliver Grawert (ogra) => Jordan Mantha (laserjock)
       Status: Confirmed => In Progress
       Target: jaunty-alpha-4 => jaunty-alpha-5

--
merge moodle 1.8.2.dfsg-3
https://bugs.launchpad.net/bugs/322961