On 31/10/10 15:37, Adam D. Barratt wrote: > On Sat, 2010-10-30 at 13:18 +0100, Tomasz Muras wrote: >> Please unblock package moodle >> >> This version contains only updated translations and security >> patches ported from the latest upstream release: 1.9.10. > > Are these: > > + - Added patch for MDL-24523: > + clean_text() not filtering text in markdown format > [...] > + - Added patch for MDL-24258: > + students can delete their forum posts later than $CFG->maxeditingtime > + under certain conditions > + - Added patch for MDL-23377: > + Can't delete quiz attempts in course without enrolled students > > really security fixes? They don't obviously seem to correspond to any > of the items listed on http://moodle.org/security/ ; unfortunately both > the Moodle issue tracker and the archives of the security announcement > list appear to be restricted.
That is correct. All those 3 patches are security fixes, although marked as minor by Moodle. I think this is the reason for not putting them on http://moodle.org/security. > (On a side note, embedded libraries suck, particularly when the updates > to them contain loads of whitespace changes and code rearrangement). I know - I have even created a minimal patch but in the end I've dropped it. I think it's safer to create a patch to get in the exactly the same code as upstream library. They know their code much better than I ever will. Tomek -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ccd9e88.50...@gmail.com
