Accepted moodle 2.7.8+dfsg-1 (source all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 22 May 2015 10:34:59 +0200
Source: moodle
Binary: moodle
Architecture: source all
Version: 2.7.8+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <pkg-moodle-maintainers@lists.alioth.debian.org>
Changed-By: Joost van Baal-Ilić <joostvb@debian.org>
Description:
moodle - course management system for online learning
Closes: 785591
Changes:
moodle (2.7.8+dfsg-1) unstable; urgency=high
.
* New upstream security release, released 11 May 2015. Note that the upstream
2.7 branch is now supported for security fixes only until May 2017 (LTS).
Security issues fixed:
- MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare
that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174
- MSA-15-0019: Possible phishing when redirecting to external site using
referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175
- MSA-15-0020: User fullname disclosure through account confirmation link,
Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176
- MSA-15-0022: Potential XSS risk when returning text entered by student
from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178
- MSA-15-0023: Suspended user is able to login when confirming email,
Reported by Marina Glancy, MDL-50090, CVE-2015-3179
- MSA-15-0024: User with suspended enrolment can see sections in the
navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180
- MSA-15-0025: Capability to manage own files is not respected in Web
Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181
See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more details
on these fixed security issues. Some other fixes: MDL-48187 - Fixed problem
with new items automatically marked as extra credit in SWM category in
Gradebook; MDL-42449 - Grade category is preserved when duplicating a module;
MDL-46746, MDL-47003, MDL-47002 - Atto editor HTML cleaning is less aggressive
and more aware of special tags, especially noticeable when pasting text from
Word. See the Moodle 2.7.8 release notes at
https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details.
Thanks Salvatore Bonaccorso. Closes: #785591
* debian/watch: fix syntax.
Checksums-Sha1:
eb9055f163fed3054e9d878e04fdb767e7520850 1718 moodle_2.7.8+dfsg-1.dsc
6470582154e0d7e23ef4ab3dbe2488d6c05869a5 34981459 moodle_2.7.8+dfsg.orig.tar.gz
d00d994a2496b41439e53064f86d47ba1b499b4a 72212028 moodle_2.7.8+dfsg-1.debian.tar.xz
66f202c0389e183ee4db42c695310a0c2d705cce 15450552 moodle_2.7.8+dfsg-1_all.deb
Checksums-Sha256:
33d08ee85d90c96f42387cffd89e4e4036ce91739ed962d4a5c17a91c41c93af 1718 moodle_2.7.8+dfsg-1.dsc
5afff29f091fda2d58c1fb14ef3275d71a7fb6b04a8dafeae4ef3b5d752710da 34981459 moodle_2.7.8+dfsg.orig.tar.gz
92b635cbd1b2970ce87dbb0494e97db5a7028c367823226a1d0d67778f25312b 72212028 moodle_2.7.8+dfsg-1.debian.tar.xz
e0df04a76e8d3c34fa450fdada97fb6ab68f3c44b73d5b75ed289190da9b07fb 15450552 moodle_2.7.8+dfsg-1_all.deb
Files:
0180b967a361c103dcacce14d496ff22 1718 web optional moodle_2.7.8+dfsg-1.dsc
ddafaae905a4aeb739c06d95f3ce8617 34981459 web optional moodle_2.7.8+dfsg.orig.tar.gz
063fe7d1015a55602accc664cf8a929d 72212028 web optional moodle_2.7.8+dfsg-1.debian.tar.xz
1137629d8c995a83ef7662fb23f02de9 15450552 web optional moodle_2.7.8+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVXu1KAAoJEDNRenKl5rDIMqoH/1kovIN17Deq/UtzzG4GEuHA
ZXOCZsoVtnq/E/H535QKtjp9lMm2AC1HZBdm3TeIemqWBTQfF+CJWIzLRllCNq4N
SX0JDT7W1yfygCMfYrPexu8BkX8fnvdpFAOqz0yUwGaI9is83A+Y3wBrkmrxhi4N
s0q24piLb4jBOzNQMROIMQ7TUILdTWR0w6+j7SgbrUQLPXmy/RVPIJhFL6blTPbF
ZCZjFNil7Qox1GXCL31Ly1L0clcaaIcGAZNaE/CGREd3E6vF5YYFlDgHhMu3F7MI
zxcksBrrvtOHJRA3+GNJqlzBr38A1MROQ5fCT3K/cO9YoIPuw8RMNjUVO+pzSdw=
=g4HD
-----END PGP SIGNATURE-----