| 2009-02-10 18:30:26 |
LaserJock |
description |
Binary package hint: moodle
The latest moodle is needed in Jaunty to close various security bugs. |
Binary package hint: moodle
The latest moodle is needed in Jaunty to close various security bugs. Relevant changelog entries:
moodle (1.8.2.dfsg-3) unstable; urgency=high
* Delete unused (but vulnerable) Spellchecker plugin to htmlarea
(MSA-09-0005, CVE-2008-5153)
* Hide images of deleted users (MSA-09-0001)
* Fix user pix disclosure (MSA-09-0002)
* Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
* Fix XSS vulnerabilities in logs (MSA-09-0007)
* Fix CSRF vulnerability in forum code (MSA-09-0008)
-- Francois Marier <francois@debian.org> Mon, 02 Feb 2009 19:09:10 +1300
moodle (1.8.2.dfsg-2) unstable; urgency=high
[ Dan Poltawski ]
* Patch SQL injection bug in hotpot module (MSA-08-0010)
* Fix XSS bug in logged urls (MDL-11414)
* Fix XSS bug in install script (MSA-08-0004)
* Fix insufficient access control in Login as feature (MSA-08-0003)
* Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
* Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
* Fix CSRF in messaging settings (MSA-08-0023)
* Fix anonymous group creation and html injection (MDL-11759)
* Fix SQL injection bug in mnet (MDL-9288)
* Fix SQL injection bug in restore (MDL-11857)
* Insufficient cleaning of essay questions (MDL-12079)
* Fix insufficient cleaning of PARAM_HOST (MDL-12793)
* Fix XSS bug in logged urls (MDL-11414)
* Fix uncleaned params in wiki (MDL-14806)
[ Francois Marier ]
* Update html2text to prevent code execution attacks (closes: #508909)
-- Francois Marier <francois@debian.org> Wed, 17 Dec 2008 13:37:10 +1300
moodle (1.8.2.dfsg-1) unstable; urgency=high
* Replace html2text with a GPL alternative (closes: #507947)
* Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
* Add Dan Poltawski to the uploaders field
-- Francois Marier <francois@debian.org> Tue, 16 Dec 2008 20:24:27 +1300 |
|
