Accepted moodle 1.6.3-2+etch1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 17 Dec 2008 14:38:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch1
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team <moodle-packaging@catalyst.net.nz>
Changed-By: Francois Marier <francois@debian.org>
Description:
moodle - Course Management System for Online Learning
Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593
Changes:
moodle (1.6.3-2+etch1) stable-security; urgency=high
.
* Adopt orphaned package (closes: #494642)
.
[ Francois Marier ]
* Fix vulnerabilities in embedded copy of smarty
(CVE-2008-1066, CVE-2008-4811, CVE-2008-4810)
(closes: #471158, #504345)
* Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
* Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492)
* Patch CSRF in edit profile page (CVE-2008-3325)
* Patch XSS bug in kses (CVE-2008-1502, closes: #489533)
* Patch XSS bug in user search page (CVE-2007-3555, closes: #432264)
* Patch security bug in the embedded (and customised) copy of phpmailer
(CVE-2007-3215, closes: #429339, #429190)
.
[ Dan Poltawski ]
* Patch SQL injection bug in hotpot module (MSA-08-0010)
* Patch privilege escalation bug in moodle core (MSA-08-0001)
* Patch CSRF bug in message settings page (MSA-08-0023)
* Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593)
* Patch XSS bug in string cleaning functions (MSA-08-0021)
* Patch XSS bug in RSS feeds
* Fix parameter cleaning in forum user page
* Fix critical security hole which allows any user to reset a user's
password (MDL-7755)
* Fix XSS bug in login block (MDL-8849)
* Fix insufficient cleaning of PARAM_HOST (MDL-12793)
* Fix XSS bug in logged urls (MDL-11414)
* Fix uncleaned params in wiki (MDL-14806)
* Fix text cleaning (MDL-10276)
Files:
d9a1fceaf316b608709be372d97e667a 793 web optional moodle_1.6.3-2+etch1.dsc
2f9f3fcf83ab0f18c409f3a48e07eae2 7465709 web optional moodle_1.6.3.orig.tar.gz
d29c179786ca1dcadf232c5e9a601362 24019 web optional moodle_1.6.3-2+etch1.diff.gz
9a5fb5924faa639952c3171665bc347d 6592474 web optional moodle_1.6.3-2+etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJSXpJScUZKBnQNIYRAgkFAJ48I/8WdCMlHOtKE/sCCokWC0QoQQCgoAPn
tNg4aPFgcra3nrjVkfxD/oA=
=XHA/
-----END PGP SIGNATURE-----
Accepted:
moodle_1.6.3-2+etch1.diff.gz
to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz
moodle_1.6.3-2+etch1.dsc
to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc
moodle_1.6.3-2+etch1_all.deb
to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb