Your message dated Fri, 07 Nov 2008 03:02:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#432264: fixed in moodle 1.8.2-2
has caused the Debian Bug report #432264,
regarding XSS vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
432264: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432264
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: moodle
Severity: serious
Tags: security
-------- Original Message --------
Subject: Notice about two security vulnerabilities and Moodle 1.8.2
Resent-Date: Sun, 8 Jul 2007 23:56:15 +0200 (CEST)
Resent-From: Sven Olofsson DSV, SU/KTH <[EMAIL PROTECTED]>
Resent-To: Per Olofsson <[EMAIL PROTECTED]>
Date: Mon, 9 Jul 2007 00:21:56 +0800
From: Martin Dougiamas <[EMAIL PROTECTED]>
Reply-To: Do not reply to this email <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Hi all,
You're receiving this message because you have registered at least one Moodle
site with moodle.org.
We just want to let you know that a couple of XSS (cross-site scripting)
security issues were fixed recently. These could be exploited by a student or
some other user placing malicious links into your Moodle content to gain access
to your account (if you click on them).
The bugs are fixed in Moodle 1.8.2 (available for download) and have been
backported to all recent branches, so at the very least upgrade to the latest
1.6+ or 1.7+. Upgrading is recommended as at least one of these
vulnerabilities has been published widely.
More details on http://security.moodle.org
Cheers,
Martin (Moodle Lead Developer)
--
Pelle
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.8.2-2
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.8.2-2.diff.gz
to pool/main/m/moodle/moodle_1.8.2-2.diff.gz
moodle_1.8.2-2.dsc
to pool/main/m/moodle/moodle_1.8.2-2.dsc
moodle_1.8.2-2_all.deb
to pool/main/m/moodle/moodle_1.8.2-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francois Marier <[EMAIL PROTECTED]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 07 Nov 2008 08:24:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <[EMAIL PROTECTED]>
Changed-By: Francois Marier <[EMAIL PROTECTED]>
Description:
moodle - Course Management System for Online Learning
Closes: 408995 417554 425839 429190 429339 432264 469094 471158 488525 489533
489634 492492 494642 496069 504235 504345
Changes:
moodle (1.8.2-2) unstable; urgency=high
.
* Adopt orphaned package (closes: #494642)
* Acknowledge security NMU (closes: #489533, #432264)
* Add Vcs-* fields to debian/control
.
Release-critical and security bugs:
.
* Depend on smarty instead of using the embedded copy that is shipped
with Moodle (closes: #471158, #488525, #504345)
* Patch security bug in the embedded (and customised) copy of phpmailer
(CVE-2007-3215, closes: #429339, #429190)
* Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
* Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
* Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
.
Trivial bug fixes:
.
* Depend on zip (closes: #408995)
* Add mysql-client as an alternative to postgresql-client
(closes: #417554, #469094)
* Recommend php5-ldap (closes: #425839)
* Delete unnecessary script with bashisms (closes: #489634)
.
Lintian warnings:
.
* Bump Standards-Version to 3.8.0
* Add homepage field to debian/control
* Remove cvsignore file
* Remove extra license file
* Depend on yui instead of using an embedded copy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkTrjEACgkQScUZKBnQNIZoBACdHVn3xycw0rx1TgSCBZtI4o2d
N3kAoINsZZa5NV5ss9g2ljKg75TtE7pX
=Dtcq
-----END PGP SIGNATURE-----
--- End Message ---