Changelog
moodle (2.7.15+dfsg-1) unstable; urgency=high
* New upstream security release, released 11 July 2016. Security issues fixed:
- MSA-16-0020 (CVE-2016-5013) Text injection in email headers. Reported by
Pierre Guinoiseau. MDL-55069, CVE-2016-5013
See https://docs.moodle.org/dev/Moodle_2.7.14_release_notes for more
details.
Note that the upstream 2.7 branch is supported for security fixes
only until May 2017 (LTS). For the last year, upstream has shipped a
security release every 2nd monday of each odd month; therefore we expect
the next release at Sept 12, 2016.
* debian/changelog: properly document security issues fixed in previous
release 2.7.14.
* debian/{rules,links,control}: no longer use bundled
/u/s/moodle/lib/jquery/jquery-migrate-1.2.1.{,min.}js, but
/usr/share/javascript/jquery-migrate-1.4.1.min.js from package
libjs-jquery-migrate-1 1.4.1-1 as shipped with Debian stretch. Thanks
Jean-Michel Vourgère <nirgal@d.o>.
-- Joost van Baal-Ilić <email address hidden> Tue, 26 Jul 2016 15:37:17 +0200