Dan,
Thanks for taking on the Debian packaging, that's really awesome. I see you're 
using git for the Debian packaging, do you have a mailing list I can contact 
you guys? I'd like to talk about perhaps getting some better Debian/Ubuntu 
collaboration going with moodle, especially concerning changes we've made, 
embedded libraries, and security coordination.

-Jordan

** Summary changed:

- merge moodle 1.8.2.dfsg-2
+ merge moodle 1.8.2.dfsg-23

** Description changed:

  Binary package hint: moodle
  
- The latest moodle is needed in Jaunty to close various security bugs.
+ The latest moodle is needed in Jaunty to close various security bugs. 
Relevant changelog entries:
+ moodle (1.8.2.dfsg-3) unstable; urgency=high
+ 
+   * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
+     (MSA-09-0005, CVE-2008-5153)
+   * Hide images of deleted users (MSA-09-0001)
+   * Fix user pix disclosure (MSA-09-0002)
+   * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
+   * Fix XSS vulnerabilities in logs (MSA-09-0007)
+   * Fix CSRF vulnerability in forum code (MSA-09-0008)
+ 
+  -- Francois Marier <franc...@debian.org>  Mon, 02 Feb 2009 19:09:10
+ +1300
+ 
+ moodle (1.8.2.dfsg-2) unstable; urgency=high
+ 
+   [ Dan Poltawski ]
+   * Patch SQL injection bug in hotpot module (MSA-08-0010)
+   * Fix XSS bug in logged urls (MDL-11414)
+   * Fix XSS bug in install script (MSA-08-0004)
+   * Fix insufficient access control in Login as feature (MSA-08-0003)
+   * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
+   * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
+   * Fix CSRF in messaging settings (MSA-08-0023)
+   * Fix anonymous group creation and html injection (MDL-11759)
+   * Fix SQL injection bug in mnet (MDL-9288)
+   * Fix SQL injection bug in restore (MDL-11857)
+   * Insufficient cleaning of essay questions (MDL-12079)
+   * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
+   * Fix XSS bug in logged urls (MDL-11414)
+   * Fix uncleaned params in wiki (MDL-14806)
+ 
+   [ Francois Marier ]
+   * Update html2text to prevent code execution attacks (closes: #508909)
+ 
+  -- Francois Marier <franc...@debian.org>  Wed, 17 Dec 2008 13:37:10
+ +1300
+ 
+ moodle (1.8.2.dfsg-1) unstable; urgency=high
+ 
+   * Replace html2text with a GPL alternative (closes: #507947)
+   * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
+   * Add Dan Poltawski to the uploaders field
+ 
+  -- Francois Marier <franc...@debian.org>  Tue, 16 Dec 2008 20:24:27
+ +1300

** Summary changed:

- merge moodle 1.8.2.dfsg-23
+ merge moodle 1.8.2.dfsg-3

** Changed in: moodle (Ubuntu)
   Importance: Medium => High
     Assignee: Oliver Grawert (ogra) => Jordan Mantha (laserjock)
       Status: Confirmed => In Progress
       Target: jaunty-alpha-4 => jaunty-alpha-5

-- 
merge moodle 1.8.2.dfsg-3
https://bugs.launchpad.net/bugs/322961