Re: Security fixes in moodle-1.8.2.dfsg-3 (please unblock)

To: Francois Marier <francois@debian.org>
Cc: debian-release@lists.debian.org, moodle-packaging@catalyst.net.nz, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
From: Luk Claes <luk@debian.org>
Date: Tue, 03 Feb 2009 07:58:37 +0100
Message-id: <4987EB1D.8060103@debian.org>
In-reply-to: <20090202235118.GI6154@isafjordur.dyndns.org>
References: <20090202235118.GI6154@isafjordur.dyndns.org>

Francois Marier wrote:
> (Please CC me on your replies, thanks!)
> 
> Hello,
> 
> Moodle 1.8.8 was recently released and it fixes a number of security issues
> which are present in the current lenny moodle package.
> 
> Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these
> vulnerabilities:
> 
>   * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
>     (MSA-09-0005, CVE-2008-5153)
>   * Hide images of deleted users (MSA-09-0001)
>   * Fix user pix disclosure (MSA-09-0002)
>   * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
>   * Fix XSS vulnerabilities in logs (MSA-09-0007)
>   * Fix CSRF vulnerability in forum code (MSA-09-0008)
> 
> After talking to the testing security team, I have uploaded this package to
> unstable with the hope that it will be unblocked for lenny.

unblocked

Cheers

Luk

Reply to:

References:
- Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
  - From: Francois Marier <francois@debian.org>

Prev by Date: Re: Freeze exception for yaws 1.77-3
Next by Date: Please unblock libgeotiff-dfsg 1.2.4-4
Previous by thread: Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
Next by thread: Re: [Fwd: Please unblock dtc 0.29.16-1]
Index(es):
- Date
- Thread