Bug#429339: marked as done (Needs to use libphp-phpmailer)

[Debian Bug Tracking System]

Your message dated Fri, 07 Nov 2008 03:02:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#429339: fixed in moodle 1.8.2-2
has caused the Debian Bug report #429339,
regarding Needs to use libphp-phpmailer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
429339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429339
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: moodle
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package
to use the system-wide library. Otherwise it requires too much overhead
whenever a vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: moodle
Source-Version: 1.8.2-2

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:

moodle_1.8.2-2.diff.gz
  to pool/main/m/moodle/moodle_1.8.2-2.diff.gz
moodle_1.8.2-2.dsc
  to pool/main/m/moodle/moodle_1.8.2-2.dsc
moodle_1.8.2-2_all.deb
  to pool/main/m/moodle/moodle_1.8.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier <[EMAIL PROTECTED]> (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Nov 2008 08:24:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <[EMAIL PROTECTED]>
Changed-By: Francois Marier <[EMAIL PROTECTED]>
Description: 
 moodle     - Course Management System for Online Learning
Closes: 408995 417554 425839 429190 429339 432264 469094 471158 488525 489533 
489634 492492 494642 496069 504235 504345
Changes: 
 moodle (1.8.2-2) unstable; urgency=high
 .
   * Adopt orphaned package (closes: #494642)
   * Acknowledge security NMU (closes: #489533, #432264)
   * Add Vcs-* fields to debian/control
 .
   Release-critical and security bugs:
 .
   * Depend on smarty instead of using the embedded copy that is shipped
     with Moodle (closes: #471158, #488525, #504345)
   * Patch security bug in the embedded (and customised) copy of phpmailer
     (CVE-2007-3215, closes: #429339, #429190)
   * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
   * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
   * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
 .
   Trivial bug fixes:
 .
   * Depend on zip (closes: #408995)
   * Add mysql-client as an alternative to postgresql-client
     (closes: #417554, #469094)
   * Recommend php5-ldap (closes: #425839)
   * Delete unnecessary script with bashisms (closes: #489634)
 .
   Lintian warnings:
 .
   * Bump Standards-Version to 3.8.0
   * Add homepage field to debian/control
   * Remove cvsignore file
   * Remove extra license file
   * Depend on yui instead of using an embedded copy
Checksums-Sha1: 
 daf13cdf8d4668c46365f678968bbb2c84934e65 1290 moodle_1.8.2-2.dsc
 e934a6b64f288cc38d5809ae76636b88d16111eb 32631 moodle_1.8.2-2.diff.gz
 177b366cfd49707798ed845863713a5d52673685 8718370 moodle_1.8.2-2_all.deb
Checksums-Sha256: 
 c4b10049b4bef931e10d0e87486b461b79eba70beda9ee9073dcec21afff7e05 1290 
moodle_1.8.2-2.dsc
 33e6e22760c5c3020424cde82f95692682c35eba9a37bf7458c64d7c6e33c431 32631 
moodle_1.8.2-2.diff.gz
 0d22b24a138ea0973a712e64498e84bf087cc331121c874e0a88f1fc00747564 8718370 
moodle_1.8.2-2_all.deb
Files: 
 9fcb7910c4099f2fdf1ee6c67891b26f 1290 web optional moodle_1.8.2-2.dsc
 0e46220e6103330bd550f56adbada9ca 32631 web optional moodle_1.8.2-2.diff.gz
 5eb75a2055f1eb1c1c585bdfa878cda9 8718370 web optional moodle_1.8.2-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkTrjEACgkQScUZKBnQNIZoBACdHVn3xycw0rx1TgSCBZtI4o2d
N3kAoINsZZa5NV5ss9g2ljKg75TtE7pX
=Dtcq
-----END PGP SIGNATURE-----

--- End Message ---