Comment 1 for bug 322961

1.8.2.dfsg-3 available in Debian repositories:

Delete unused (but vulnerable) Spellchecker plugin to htmlarea
     (MSA-09-0005, CVE-2008-5153)
   * Hide images of deleted users (MSA-09-0001)
   * Fix user pix disclosure (MSA-09-0002)
   * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
   * Fix XSS vulnerabilities in logs (MSA-09-0007)
   * Fix CSRF vulnerability in forum code (MSA-09-0008)

http://packages.debian.org/lenny/moodle