[Bug 981920] [NEW] Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes

Jeremy Bicha jeremy at bicha.net
Sat Apr 14 21:39:37 UTC 2012


*** This bug is a security vulnerability ***

Public security bug reported:

Please sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable (main)

Changelog entries since current natty version 1.9.9.dfsg2-2:

moodle (1.9.9.dfsg2-6) unstable; urgency=high

  * Backporting security fixes from Moodle 1.9.17
     - MSA-12-00013 DB activtity export does not respect groups
         (CVE-2012-1155, closes: #668411)

 -- Tomasz Muras <nexor1984 at gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100

moodle (1.9.9.dfsg2-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Danish (Joe Hansen).  Closes: #658747
    - Dutch; (Jeroen Schot).  Closes: #660243
    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
    - Italian (Beatrice Torracca).  Closes: #668161

 -- Christian Perrier <bubulle at debian.org>  Tue, 10 Apr 2012 07:36:58 +0200

moodle (1.9.9.dfsg2-5) unstable; urgency=high

  * Backporting security fixes from Moodle 1.9.15 and 1.9.16
    (closes: #652235)
     - MSA-11-0054 Personal information leak
     - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
     - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
     - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
     - MSA-11-0048 Password loss issue (CVE-2011-4587)
     - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
     - MSA-12-0007 Email injection prevention (CVE-2012-0796)
     - MSA-12-0006 Additional email address validation (CVE-2012-0795)
     - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
     - MSA-12-0004 Added profile image security (CVE-2012-0793)
     - MSA-12-0003 Added password protection 
     - MSA-12-0002 Personal information leak, previously MSA-11-0040 
       (CVE-2011-4308 and CVE-2012-0792)
     - MSA-12-0001 Recaptcha transmission consistency issue

 -- Tomasz Muras <nexor1984 at gmail.com>  Mon, 27 Feb 2012 21:14:48 +0000

moodle (1.9.9.dfsg2-4) unstable; urgency=high

  * Backporting security fixes from Moodle 1.9.13 and 1.9.14
      - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
      - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
      - MSA-11-0024 Recaptcha images were being authenticated 
          from an older server (MDL-27889) (closes: #638935)
      - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
      - MSA-11-0038 Database injection protection strengthened (MDL-29033)
      - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
      - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
      - MSA-11-0032 MNET SSL validation issue (MDL-29148)
      - MSA-11-0031 Forms API constant issue (MDL-23872)
  * Make sure that smarty & yui symlinks are correct (closes: 603255,614712) 

 -- Tomasz Muras <nexor1984 at gmail.com>  Fri, 28 Oct 2011 13:29:14 +0100

moodle (1.9.9.dfsg2-3) unstable; urgency=high

  * Backporting security fixes from Moodle 1.9.11 and 1.9.12
      - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
      - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
      - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
      - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
      - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
      - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)

 -- Tomasz Muras <nexor1984 at gmail.com>  Wed, 18 May 2011 20:57:59 +0100

moodle (1.9.9.dfsg2-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix encoding of Swedish debconf translation.

 -- Christian Perrier <bubulle at debian.org>  Tue, 11 Jan 2011 22:03:44 +0100

** Affects: moodle (Ubuntu)
     Importance: Undecided
         Status: New

** This bug has been flagged as a security vulnerability

** Description changed:

  Please sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable (main)
  
- Changelog entries since current precise version 1.9.9.dfsg2-5:
+ Changelog entries since current natty version 1.9.9.dfsg2-2:
  
  moodle (1.9.9.dfsg2-6) unstable; urgency=high
  
-   * Backporting security fixes from Moodle 1.9.17
-      - MSA-12-00013 DB activtity export does not respect groups
-          (CVE-2012-1155, closes: #668411)
+   * Backporting security fixes from Moodle 1.9.17
+      - MSA-12-00013 DB activtity export does not respect groups
+          (CVE-2012-1155, closes: #668411)
  
-  -- Tomasz Muras <nexor1984 at gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100
+  -- Tomasz Muras <nexor1984 at gmail.com>  Thu, 12 Apr 2012 21:55:48 +0100
  
  moodle (1.9.9.dfsg2-5.1) unstable; urgency=low
  
+   * Non-maintainer upload.
+   * Fix pending l10n issues. Debconf translations:
+     - Danish (Joe Hansen).  Closes: #658747
+     - Dutch; (Jeroen Schot).  Closes: #660243
+     - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
+     - Italian (Beatrice Torracca).  Closes: #668161
+ 
+  -- Christian Perrier <bubulle at debian.org>  Tue, 10 Apr 2012 07:36:58
+ +0200
+ 
+ moodle (1.9.9.dfsg2-5) unstable; urgency=high
+ 
+   * Backporting security fixes from Moodle 1.9.15 and 1.9.16
+     (closes: #652235)
+      - MSA-11-0054 Personal information leak
+      - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
+      - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
+      - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
+      - MSA-11-0048 Password loss issue (CVE-2011-4587)
+      - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
+      - MSA-12-0007 Email injection prevention (CVE-2012-0796)
+      - MSA-12-0006 Additional email address validation (CVE-2012-0795)
+      - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
+      - MSA-12-0004 Added profile image security (CVE-2012-0793)
+      - MSA-12-0003 Added password protection 
+      - MSA-12-0002 Personal information leak, previously MSA-11-0040 
+        (CVE-2011-4308 and CVE-2012-0792)
+      - MSA-12-0001 Recaptcha transmission consistency issue
+ 
+  -- Tomasz Muras <nexor1984 at gmail.com>  Mon, 27 Feb 2012 21:14:48 +0000
+ 
+ moodle (1.9.9.dfsg2-4) unstable; urgency=high
+ 
+   * Backporting security fixes from Moodle 1.9.13 and 1.9.14
+       - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
+       - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
+       - MSA-11-0024 Recaptcha images were being authenticated 
+           from an older server (MDL-27889) (closes: #638935)
+       - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
+       - MSA-11-0038 Database injection protection strengthened (MDL-29033)
+       - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
+       - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
+       - MSA-11-0032 MNET SSL validation issue (MDL-29148)
+       - MSA-11-0031 Forms API constant issue (MDL-23872)
+   * Make sure that smarty & yui symlinks are correct (closes: 603255,614712) 
+ 
+  -- Tomasz Muras <nexor1984 at gmail.com>  Fri, 28 Oct 2011 13:29:14 +0100
+ 
+ moodle (1.9.9.dfsg2-3) unstable; urgency=high
+ 
+   * Backporting security fixes from Moodle 1.9.11 and 1.9.12
+       - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
+       - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
+       - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
+       - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
+       - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
+       - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
+ 
+  -- Tomasz Muras <nexor1984 at gmail.com>  Wed, 18 May 2011 20:57:59 +0100
+ 
+ moodle (1.9.9.dfsg2-2.1) unstable; urgency=low
+ 
    * Non-maintainer upload.
-   * Fix pending l10n issues. Debconf translations:
-     - Danish (Joe Hansen).  Closes: #658747
-     - Dutch; (Jeroen Schot).  Closes: #660243
-     - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
-     - Italian (Beatrice Torracca).  Closes: #668161
+   * Fix encoding of Swedish debconf translation.
  
-  -- Christian Perrier <bubulle at debian.org>  Tue, 10 Apr 2012 07:36:58
- +0200
+  -- Christian Perrier <bubulle at debian.org>  Tue, 11 Jan 2011 22:03:44
+ +0100
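
Review bot: the changed baseline line now reads "natty version 1.9.9.dfsg2-2" where it read "precise version 1.9.9.dfsg2-5", but the request line above it still names no Ubuntu series as the sync target, so a sponsor has to infer which release is meant. Suggest stating the target series next to "Please sync moodle 1.9.9.dfsg2-6 (universe)". The -/+ pairs for the 1.9.9.dfsg2-6 entry and its signature line show identical text and look like whitespace-only changes; the substantive additions are the changelog entries from 1.9.9.dfsg2-5 down to 1.9.9.dfsg2-2.1.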

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/981920
