Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-12 Thread Florian Weimer
* Michael Gilbert: > The problem here appears to be the jump to the new upstream version > (1.8.2 to 1.8.13), which has a different dependency set. The actual problem was that the dependency set was initially different (it included additional, incorrect dependencies). This was corrected, and upg

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Michael Gilbert
On Mon, 11 Oct 2010 10:39:37 -0500, Jordon Bedwell wrote: > On Mon, 2010-10-11 at 11:15 -0400, Michael Gilbert wrote: > > I highly doubt that there is anything malicious going on here, and there > > is always the "Debian does not hide problems" mantra. The simplest, > > and most-likely explanation

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Jordon Bedwell
On Mon, 2010-10-11 at 11:15 -0400, Michael Gilbert wrote: > I highly doubt that there is anything malicious going on here, and there > is always the "Debian does not hide problems" mantra. The simplest, > and most-likely explanation is that it was easier to update to the new > upstream, rather tha

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Michael Gilbert
On Mon, 11 Oct 2010 09:46:04 -0500, Jordon Bedwell wrote: > On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote: > > The problem here appears to be the jump to the new upstream version > > (1.8.2 to 1.8.13), which has a different dependency set. New > > upstreams are usually disallowed in sec

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Jordon Bedwell
On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote: > The problem here appears to be the jump to the new upstream version > (1.8.2 to 1.8.13), which has a different dependency set. New > upstreams are usually disallowed in security uploads. The question > is why was that OK in this case, ra

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Michael Gilbert
On Mon, 11 Oct 2010 14:14:41 +0100, Ian Jackson wrote: > Florian Weimer writes ("[SECURITY] [DSA-2115-2] New moodle packages fix > several vulnerabilities"): > > DSA-2115-1 introduced a regression because it lacked a dependency on > > the wwwconfig-common packa

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Ian Jackson
Florian Weimer writes ("[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities"): > DSA-2115-1 introduced a regression because it lacked a dependency on > the wwwconfig-common package, leading to installations problems. This > update addresses this issue.

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-10 Thread post
Sehr geehrte Damen und Herren, leider ist mein Büro im Zeitraum vom 04.10. bis zum 10.10. nicht besetzt. Ihre Nachricht wird nicht weitergeleitet. Sie erreichen mich in dringenden Fällen unter der Mobilfunknummer: 0170-98 91 243 Mit freundlichen Grüßen, Florian Michel -- Heliomedia Dipl.-Infor