Changelog
moodle (2.7.16+dfsg-1) unstable; urgency=high
* New upstream security release, released 12 Sept 2016. Security issues fixed:
- MSA-16-0022 (CVE-2016-7038) Web service tokens should be invalidated when
the user password is changed or forced to be changed. Reported by Juan
Leyva. MDL-49026
See https://docs.moodle.org/dev/Moodle_2.7.16_release_notes for more
details. Note that the upstream 2.7 branch is supported for security fixes
only until May 2017 (LTS). For the last year, upstream has shipped a
security release every 2nd monday of each odd month; therefore we expect
next releases at Nov 14, 2016 and Jan 9, 2017.
-- Joost van Baal-Ilić <email address hidden> Mon, 19 Sep 2016 11:31:50 +0200