moodle 1.8.2-1.2ubuntu2.1 source package in Ubuntu


moodle (1.8.2-1.2ubuntu2.1) intrepid-security; urgency=low

  * SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier.
    - CVE-2008-4796_snoopy.dpatch: did not escape shell characters when
      using https (MSA-09-0003).
    - msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via
      calendar export errors.
    - CVE-2007-3215_phpmailer.dpatch: escape sender email address when
      calling sendmail.
    - html2text-update.dpatch: html cleaning improved (MSA-08-0026,
    - CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes
      list (MSA-08-0022).
    - msa080010_hotpot.dpatch: block SQL injections in HotPot reports
      (MSA-08-0010, CVE-2008-6124).
    - msa080004_install.dpatch: stop XSS in unconfigured installs.
    - msa08003_login-as.dpatch: correctly validate permissions when attempting
      to switch users.
    - msa080015_deleted-user-profiles.dpatch: do not display deleted user
    - msa080021_text-cleaning.dpatch: stop XSS in certain string format
    - msa080023_message-csrf.dpatch: require sessionkey for instant messages
      to stop CSRF.
    - mdl11759_group-creation.dpatch: stop XSS in group creation.
    - MDL-9288_mnet.dpatch: correct escape users names in mnet.
    - MDL-11857_restore.dpatch: stop SQL injection from restore.
    - mdl12079_essayquestions.dpatch: block XSS in essay questions.
    - mdl12793_PARAM_HOST.dpatch: block XSS in host parameter.
    - mdl14806_wiki-params.dpatch: block XSS in wiki parameters.
    - msa090001.dpatch: allow removal of deleted-user pictures.
    - msa090002.dpatch: block access to deleted-user pictures.
    - msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502).
    - msa090007{,_cleanup-prep}.dpatch: add more input validation to
      prevent XSS via inputs (CVE-2009-0500).
    - msa090008.dpatch: add session key to forum actions to stop CSRF
    - CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file
      inclusion (MSA-09-0009, CVE-2009-1171).
  * SECURITY UPDATE: Smarty template processor security fixes.
    - smarty_dollar_sign.dpatch: stop php execution via templates
      (CVE-2008-4810, CVE-2008-4811).
    - smarty_math_backticks.dpatch: stop backtick processing in math
      expressions (CVE-2009-1669).
  * SECURITY UPDATE: remove unsafe and unused SpellChecker extension.
    - debian/rules: remove SpellChecker (CVE-2008-5153).

 -- Kees Cook <email address hidden>   Fri, 19 Jun 2009 16:50:43 -0700

Upload details

Uploaded by:
Kees Cook on 2009-06-23
Uploaded to:
Original maintainer:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


Intrepid: [FULLYBUILT] i386


File Size SHA-256 Checksum
moodle_1.8.2.orig.tar.gz 9.7 MiB ee9f623521065bd109e2b1a6f68179f949b2e76f79e6705179811529ad031aab
moodle_1.8.2-1.2ubuntu2.1.diff.gz 47.0 KiB 714bcd9f3bae4a7b38b0a7e31623929d571774f69633d2fbf884a5bf996e015a
moodle_1.8.2-1.2ubuntu2.1.dsc 1.1 KiB 600dd88a0cf12e6e35c6db21d7a1bf2e14fe80f184c8cf033b981cc8584b2afa

View changes file

Binary packages built by this source

moodle: No summary available for moodle in ubuntu intrepid.

No description available for moodle in ubuntu intrepid.