[Bug 234609] Re: Blank pages in Moodle after install - failed to install php5-mysql
Launchpad Bug Tracker
234609 at bugs.launchpad.net
Thu Feb 26 01:40:07 UTC 2009
This bug was fixed in the package moodle - 1.9.4.dfsg-0ubuntu1
---------------
moodle (1.9.4.dfsg-0ubuntu1) jaunty; urgency=low
* Merge with Debian git (Closes LP: #322961, #239481, #334611):
- use Ubuntu's smarty lib directory for linking
- use internal yui library
- add update-notifier support back in
[Matt Oquist]
* renamed prerm script
* significantly rewrote postinst and other maintainer scripts to improve
user experience and package maintainability
(Closes LP: #225662, #325450, #327843, #303078, #234609)
moodle (1.9.4.dfsg-1) UNRELEASED; urgency=low
* New Upstream Version (closes: #475535, #514284, #515823)
(added notes/ and tag/ to debian/install)
* Merge with Ubuntu:
- drop use of wwwconfig (closes: #389502, #302205)
- debian/postinst: ucf fixes (fixes a hang)
* Remove preinst (no more direct upgrades from sarge)
* Remove PHP4 support from the Apache config file we provide
* Drop support for apache 1.x and remove from debconf
* Add swedish debconf translation (closes: #511202)
* Bump debhelper compatibility to 7
* Add lintian overrides for known customised libraries
* Add new license files to delete (lintian warning)
* Compress the deb with bzip2
* Add a watch file
* Update copyright file
Dependencies:
* Depend on libjs-yui instead of yui (renamed after lenny)
* Add dependency on unzip
* Recommend php5-xmlrpc and aspell
* Suggest clamav
* Demoted mimetex to recommended
Generated config:
* Turn 'dbpersist' on by default in the generated config.php
* Include whitespace warning at the end of generated config.php
* Set the path to du, unzip and zip
moodle (1.8.2.dfsg-4) unstable; urgency=high
* Improve the fix for log URL filtering as suggested by Steffen Joeris
(MSA-09-0007 / CVE-2009-0500)
* Backport upstream fix for calendar export leakage
(MSA-09-0006 / CVE-2009-0501)
moodle (1.8.2.dfsg-3) unstable; urgency=high
* Delete unused (but vulnerable) Spellchecker plugin to htmlarea
(MSA-09-0005, CVE-2008-5153)
* Hide images of deleted users (MSA-09-0001)
* Fix user pix disclosure (MSA-09-0002)
* Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
* Fix XSS vulnerabilities in logs (MSA-09-0007)
* Fix CSRF vulnerability in forum code (MSA-09-0008)
moodle (1.8.2.dfsg-2) unstable; urgency=high
[ Dan Poltawski ]
* Patch SQL injection bug in hotpot module (MSA-08-0010)
* Fix XSS bug in logged urls (MDL-11414)
* Fix XSS bug in install script (MSA-08-0004)
* Fix insufficient access control in Login as feature (MSA-08-0003)
* Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
* Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
* Fix CSRF in messaging settings (MSA-08-0023)
* Fix anonymous group creation and html injection (MDL-11759)
* Fix SQL injection bug in mnet (MDL-9288)
* Fix SQL injection bug in restore (MDL-11857)
* Insufficient cleaning of essay questions (MDL-12079)
* Fix insufficient cleaning of PARAM_HOST (MDL-12793)
* Fix XSS bug in logged urls (MDL-11414)
* Fix uncleaned params in wiki (MDL-14806)
[ Francois Marier ]
* Update html2text to prevent code execution attacks (closes: #508909)
moodle (1.8.2.dfsg-1) unstable; urgency=high
* Replace html2text with a GPL alternative (closes: #507947)
* Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
* Add Dan Poltawski to the uploaders field
moodle (1.8.2-2) unstable; urgency=high
* Adopt orphaned package (closes: #494642)
* Acknowledge security NMU (closes: #489533, #432264)
* Add Vcs-* fields to debian/control
Release-critical and security bugs:
* Depend on smarty instead of using the embedded copy that is shipped
with Moodle (closes: #471158, #488525, #504345)
* Patch security bug in the embedded (and customised) copy of phpmailer
(CVE-2007-3215, closes: #429339, #429190)
* Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
* Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
* Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
Trivial bug fixes:
* Depend on zip (closes: #408995)
* Add mysql-client as an alternative to postgresql-client
(closes: #417554, #469094)
* Recommend php5-ldap (closes: #425839)
* Delete unnecessary script with bashisms (closes: #489634)
Lintian warnings:
* Bump Standards-Version to 3.8.0
* Add homepage field to debian/control
* Remove cvsignore file
* Remove extra license file
* Depend on yui instead of using an embedded copy
moodle (1.8.2-1.3) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix broken HTML filtering which could be used to perform XSS attacks,
bypass restrictions or possibly execute arbitrary code
(CVE-2008-1502; Closes: #489533).
-- Jordan Mantha <laserjock at ubuntu.com> Wed, 25 Feb 2009 15:16:22
-0800
** Changed in: moodle (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-3215
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1502
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3326
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4796
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5153
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5432
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0500
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0501
--
Blank pages in Moodle after install - failed to install php5-mysql
https://bugs.launchpad.net/bugs/234609
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list