[Bug 981920] Re: Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes
Launchpad Bug Tracker
981920 at bugs.launchpad.net
Sun Apr 15 01:12:08 UTC 2012
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: moodle (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/981920
Title:
Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security &
l10 fixes
Status in “moodle” package in Ubuntu:
Confirmed
Bug description:
Please sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable
(main)
Changelog entries since current natty version 1.9.9.dfsg2-2:
moodle (1.9.9.dfsg2-6) unstable; urgency=high
* Backporting security fixes from Moodle 1.9.17
- MSA-12-00013 DB activtity export does not respect groups
(CVE-2012-1155, closes: #668411)
-- Tomasz Muras <nexor1984 at gmail.com> Thu, 12 Apr 2012 21:55:48
+0100
moodle (1.9.9.dfsg2-5.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Danish (Joe Hansen). Closes: #658747
- Dutch; (Jeroen Schot). Closes: #660243
- Brazilian Portuguese (Adriano Rafael Gomes). Closes: #668092
- Italian (Beatrice Torracca). Closes: #668161
-- Christian Perrier <bubulle at debian.org> Tue, 10 Apr 2012 07:36:58
+0200
moodle (1.9.9.dfsg2-5) unstable; urgency=high
* Backporting security fixes from Moodle 1.9.15 and 1.9.16
(closes: #652235)
- MSA-11-0054 Personal information leak
- MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
- MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
- MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
- MSA-11-0048 Password loss issue (CVE-2011-4587)
- MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
- MSA-12-0007 Email injection prevention (CVE-2012-0796)
- MSA-12-0006 Additional email address validation (CVE-2012-0795)
- MSA-12-0005 Encryption enhancement (CVE-2012-0794)
- MSA-12-0004 Added profile image security (CVE-2012-0793)
- MSA-12-0003 Added password protection
- MSA-12-0002 Personal information leak, previously MSA-11-0040
(CVE-2011-4308 and CVE-2012-0792)
- MSA-12-0001 Recaptcha transmission consistency issue
-- Tomasz Muras <nexor1984 at gmail.com> Mon, 27 Feb 2012 21:14:48
+0000
moodle (1.9.9.dfsg2-4) unstable; urgency=high
* Backporting security fixes from Moodle 1.9.13 and 1.9.14
- MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
- MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
- MSA-11-0024 Recaptcha images were being authenticated
from an older server (MDL-27889) (closes: #638935)
- MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
- MSA-11-0038 Database injection protection strengthened (MDL-29033)
- MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
- MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
- MSA-11-0032 MNET SSL validation issue (MDL-29148)
- MSA-11-0031 Forms API constant issue (MDL-23872)
* Make sure that smarty & yui symlinks are correct (closes: 603255,614712)
-- Tomasz Muras <nexor1984 at gmail.com> Fri, 28 Oct 2011 13:29:14
+0100
moodle (1.9.9.dfsg2-3) unstable; urgency=high
* Backporting security fixes from Moodle 1.9.11 and 1.9.12
- MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
- MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
- MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
- MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
- MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
- MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
-- Tomasz Muras <nexor1984 at gmail.com> Wed, 18 May 2011 20:57:59
+0100
moodle (1.9.9.dfsg2-2.1) unstable; urgency=low
* Non-maintainer upload.
* Fix encoding of Swedish debconf translation.
-- Christian Perrier <bubulle at debian.org> Tue, 11 Jan 2011 22:03:44
+0100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/moodle/+bug/981920/+subscriptions
More information about the Ubuntu-sponsors
mailing list