[Bug 981920] Re: Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes

Launchpad Bug Tracker 981920 at bugs.launchpad.net
Sun Apr 15 01:12:08 UTC 2012


Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: moodle (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/981920

Title:
  Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security &
  l10 fixes

Status in “moodle” package in Ubuntu:
  Confirmed

Bug description:
  Please sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable
  (main)

  Changelog entries since current natty version 1.9.9.dfsg2-2:

  moodle (1.9.9.dfsg2-6) unstable; urgency=high

    * Backporting security fixes from Moodle 1.9.17
       - MSA-12-00013 DB activtity export does not respect groups
           (CVE-2012-1155, closes: #668411)

   -- Tomasz Muras <nexor1984 at gmail.com>  Thu, 12 Apr 2012 21:55:48
  +0100

  moodle (1.9.9.dfsg2-5.1) unstable; urgency=low

    * Non-maintainer upload.
    * Fix pending l10n issues. Debconf translations:
      - Danish (Joe Hansen).  Closes: #658747
      - Dutch; (Jeroen Schot).  Closes: #660243
      - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #668092
      - Italian (Beatrice Torracca).  Closes: #668161

   -- Christian Perrier <bubulle at debian.org>  Tue, 10 Apr 2012 07:36:58
  +0200

  moodle (1.9.9.dfsg2-5) unstable; urgency=high

    * Backporting security fixes from Moodle 1.9.15 and 1.9.16
      (closes: #652235)
       - MSA-11-0054 Personal information leak
       - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
       - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
       - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
       - MSA-11-0048 Password loss issue (CVE-2011-4587)
       - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
       - MSA-12-0007 Email injection prevention (CVE-2012-0796)
       - MSA-12-0006 Additional email address validation (CVE-2012-0795)
       - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
       - MSA-12-0004 Added profile image security (CVE-2012-0793)
       - MSA-12-0003 Added password protection 
       - MSA-12-0002 Personal information leak, previously MSA-11-0040 
         (CVE-2011-4308 and CVE-2012-0792)
       - MSA-12-0001 Recaptcha transmission consistency issue

   -- Tomasz Muras <nexor1984 at gmail.com>  Mon, 27 Feb 2012 21:14:48
  +0000

  moodle (1.9.9.dfsg2-4) unstable; urgency=high

    * Backporting security fixes from Moodle 1.9.13 and 1.9.14
        - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
        - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
        - MSA-11-0024 Recaptcha images were being authenticated 
            from an older server (MDL-27889) (closes: #638935)
        - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
        - MSA-11-0038 Database injection protection strengthened (MDL-29033)
        - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
        - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
        - MSA-11-0032 MNET SSL validation issue (MDL-29148)
        - MSA-11-0031 Forms API constant issue (MDL-23872)
    * Make sure that smarty & yui symlinks are correct (closes: 603255,614712) 

   -- Tomasz Muras <nexor1984 at gmail.com>  Fri, 28 Oct 2011 13:29:14
  +0100

  moodle (1.9.9.dfsg2-3) unstable; urgency=high

    * Backporting security fixes from Moodle 1.9.11 and 1.9.12
        - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
        - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
        - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
        - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
        - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
        - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)

   -- Tomasz Muras <nexor1984 at gmail.com>  Wed, 18 May 2011 20:57:59
  +0100

  moodle (1.9.9.dfsg2-2.1) unstable; urgency=low

    * Non-maintainer upload.
    * Fix encoding of Swedish debconf translation.

   -- Christian Perrier <bubulle at debian.org>  Tue, 11 Jan 2011 22:03:44
  +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/moodle/+bug/981920/+subscriptions



More information about the Ubuntu-sponsors mailing list