Changelog
moodle (2.7.9+dfsg-1) unstable; urgency=high
* New upstream security release, released July 6, 2015. Note that the upstream
2.7 branch is now supported for security fixes only until May 2017 (LTS).
Security issues fixed:
- MSA-15-0026 Possible phishing when redirecting to external site using
referer header, Reported by Totara, MDL-50688, CVE-2015-3272
- MSA-15-0028 Possible XSS through custom text profile fields in Web
Services, Reported by Marina Glancy, MDL-50130, CVE-2015-3274
- MSA-15-0029 Javascript injection in SCORM module, Reported by Martin
Greenaway, MDL-50614, CVE-2015-3275
See http://www.openwall.com/lists/oss-security/2015/07/13/2 for more details
on these fixed security issues. Some other fixes and improvements:
MDL-50380 - Fixed missing parameter error when editing files in wiki;
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional
access is used; MDL-50275 - Added missing version bump after risk bitmap
change in MDL-49941. See the Moodle 2.7.9 release notes at
https://docs.moodle.org/dev/Moodle_2.7.9_release_notes for more details.
Thanks Salvatore Bonaccorso. Closes: #792242
* debian/changelog: fix line length: max 80 columns.
-- Joost van Baal-Ilić <email address hidden> Thu, 16 Jul 2015 15:44:09 +0200
