done ** Description changed:
Binary package hint: smarty + MIR Wiki page: https://wiki.ubuntu.com/MainInclusionReportSmarty Moodle already includes a copy of smarty and Debian has recently decided to remove the copy and depend on the system installed version. This is an ongoing effort to get rid of Moodle's embedded libs (see bottom of - https://wiki.ubuntu.com/EdubuntuContentServer ). Smarty has a CVE record - (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=smarty) but the current - version doesn't seem to have any vulnerabilities. However, not - keeping/using the moodle copy should ensure better security. Here's the - relevant Debian changelog entry: + https://wiki.ubuntu.com/EdubuntuContentServer ). Here's the relevant + Debian changelog entry: moodle (1.8.2-2) unstable; urgency=high * Adopt orphaned package (closes: #494642) * Acknowledge security NMU (closes: #489533, #432264) * Add Vcs-* fields to debian/control Release-critical and security bugs: * Depend on smarty instead of using the embedded copy that is shipped with Moodle (closes: #471158, #488525, #504345) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069) Trivial bug fixes: * Depend on zip (closes: #408995) * Add mysql-client as an alternative to postgresql-client (closes: #417554, #469094) * Recommend php5-ldap (closes: #425839) * Delete unnecessary script with bashisms (closes: #489634) Lintian warnings: * Bump Standards-Version to 3.8.0 * Add homepage field to debian/control * Remove cvsignore file * Remove extra license file * Depend on yui instead of using an embedded copy -- Francois Marier <franc...@debian.org> Fri, 07 Nov 2008 08:24:28 +1300 - - Let me know if you need anything more. ** Changed in: smarty (Ubuntu) Status: Incomplete => New -- MIR: please promote smarty to Main https://bugs.launchpad.net/bugs/327367 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list universe-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/universe-bugs
