This bug was fixed in the package moodle - 1.9.9.dfsg2-2

---------------
moodle (1.9.9.dfsg2-2) unstable; urgency=low

  * Added Romanian translation
  * Updated Japanese translation (closes: #596820)
  * Backporting security fixes from Moodle 1.9.10 (closes: #601384)
     - Updated embedded CAS to 1.1.3
     - Added patch for MDL-24523:
       clean_text() not filtering text in markdown format
     - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0
     - Added patch for MDL-24258:
       students can delete their forum posts later than $CFG->maxeditingtime
       under certain conditions
     - Added patch for MDL-23377:
       Can't delete quiz attempts in course without enrolled students

moodle (1.9.9.dfsg2-1) unstable; urgency=low

  * Enable HTML purifier by default
  * Added Janapenese translation (closes: #593808)
  * Removed from source swf files without a source code
    and added README.source
  * Updated bundled HTML purifier library - fix for
    CVE-2010-2479 (closes: #593301)

moodle (1.9.9.dfsg-1) unstable; urgency=low

  [ Jonathan Wiltshire ]
  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #588871
  * Debconf translation updates:
     - Russian (closes: #589247)
     - Czech (closes: #589265)
     - Swedish (closes: #589270)
     - French (closes: #589510)
     - German (closes: #590120)
     - Spanish (closes: #590449)
     - Portugese (closes: #590556)

  [ Tomasz Muras ]
  * New debconf translation - Polish
  * Removed .swf files as non-free (closes: #591201)
  * Fixed generation of config.php for postgres (thanks Giles Westwood)

moodle (1.9.9-2) unstable; urgency=low

  * Fixed JS includes for YUI library (closes: #589612)
  * Bumped standards version to 3.9.0
  * Moved BSD licenses into copyright (fixes lintian warning)
  * Setting DM-Upload-Allowed as agreed with Xavier Oswald <email address hidden>

moodle (1.9.9-1) unstable; urgency=low

  * Rewritten debian/rules
  * Removed unnecessary usr/share/moodle/update-notifier
  * New Upstream Version: 1.9.9
  * New upstream fixes CVE-2010-1619 (closes: #585425)
  * New upstream fixes MSA-10-0011 (closes: #586280)

moodle (1.9.8-1) unstable; urgency=low

  [Tomasz Muras]
  * New Maintainer (closes: #581229, #574969).
  * New Upstream Version (closes: #475535).
  * Added information about flvplayer to copyright (closes: #526543).
  * phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757).
  * Several security issues fixed in upstream (closes: #576189).
  * Moodle depends on postgresql or MySQL (closes: #551399).
  * Re-written to use dbconfig-common (closes: #302205).
  * Updated copyright with two new entires (closes: #526543).
  * Drop use of wwwconfig (closes: #389502).
  * Package is now not creating Apache config automatically (closes: #555672).
    It's up to the user to configure the webserver but package provides the
    templates.
  * Added "allow from localhost" (closes: #551402).
  * Asking for wwwroot during the installation (closes: #302207).
  * Removing nusoap as it's not necessary for PHP 5 (closes: #529573).

  [Xavier Oswald]
  * Add myself as uploader.
  * Bump Stadards-Version to 3.8.4.
  * debian/copyright: update with DEP-5 format proposal.
  * Switch to dpkg-source 3.0 (quilt) format

  [Francois Marier]
  * Bump debhelper compatibility to 7
  * Add a watch file
  * debian/control (dependencies)
    - Depend on libjs-yui instead of yui (renamed after lenny)
    - Add dependency on unzip
    - Recommend php5-xmlrpc and aspell
    - Suggest clamav
    - Demoted mimetex to recommended
  * Turn 'dbpersist' on by default in the generated config.php
  * Include whitespace warning at the end of generated config.php
  * Set the path to du, unzip and zip
  * Fix a warning with E_STRICT is turned on
 -- Felix Geyer <email address hidden>   Sat, 30 Oct 2010 12:19:28 +0100