Changelog
moodle (1.9.9.dfsg2-2.1+squeeze2) stable-security; urgency=high
* Update prepared by Tomasz Muras:
* Backporting security fixes from Moodle 1.9.13 and 1.9.14
- MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
- MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
- MSA-11-0024 Recaptcha images were being authenticated
from an older server (MDL-27889) (closes: #638935)
- MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
- MSA-11-0038 Database injection protection strengthened (MDL-29033)
- MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
- MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
- MSA-11-0032 MNET SSL validation issue (MDL-29148)
- MSA-11-0031 Forms API constant issue (MDL-23872)
* This update also includes a bugfix fixing update problems:
Make sure that smarty & yui symlinks are correct (closes: 603255,614712)
-- Moritz Muehlenhoff <email address hidden> Fri, 04 Nov 2011 18:07:18 +0000