moodle 2.7.10+dfsg-1 source package in Ubuntu
Changelog
moodle (2.7.10+dfsg-1) unstable; urgency=high * New upstream security release, released Sept 21, 2015. Note that the upstream 2.7 branch is now supported for security fixes only until May 2017 (LTS). Security issues fixed: - MSA-15-0030: Students can re-attempt answering questions in the lesson, Reported by Eric Eakin, MDL-50516, CVE-2015-5264 - MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of, Reported by David Scotson, MDL-50576, CVE-2015-5272 - MSA-15-0032: Users can delete files uploaded by other users in wiki, Reported by John Provasnik, MDL-48371, CVE-2015-5265 - MSA-15-0033: Meta course synchronisation enrols suspended students as managers for a short period of time, Reported by Brian Winstead, MDL-50744, CVE-2015-5266 - MSA-15-0034: Vulnerability in password recovery mechanism, Reported by Vincent Herbulot (@us3r777), MDL-50860, CVE-2015-5267 - MSA-15-0035: Rating component does not check separate groups, Reported by Juan Leyva, MDL-50173, CVE-2015-5268 - MSA-15-0036: XSS in grouping description, Reported by Marina Glancy, MDL-50709, CVE-2015-5269 See the 21 Sep 2015 post from Marina Glancy at http://www.openwall.com/lists/oss-security/2015/09/21/1 for more details on these fixed security issues. Some other fixes and improvements: MDL-51050 - Forms such as "Create new group" are no longer populated with passwords and usernames by the browsers; MDL-42670 - Recent activity block no longer shows student name when assignment blind marking is on. See https://docs.moodle.org/dev/Moodle_2.7.10_release_notes for more details. Thanks Salvatore Bonaccorso and Thijs Kinkhorst for forwarding the news. Closes: #799634 * debian/source/lintian-overrides: add comment/comment.js, some lib/yuilib/3.15.0/**/*-debug.js and lib/yuilib/2in3/2.9.0/build/yui2-*/*-debug.js files to list of false positives "source-is-missing". Bug #799861 reported against lintian. * debian/copyright: clarify license situation of lib/pear/HTML/QuickForm/DHTMLRulesTableless.php and lib/pear/HTML/QuickForm/Renderer/Tableless.php. Thanks Ondřej Surý and Paul Tagliamonte. Closes: #752615 * debian/control: no longer depend upon libphp-pclzip. This dependency was actually no longer needed since 2.7.5+dfsg-3, when phpexcel got removed. Thanks David Prévot. Closes: #749609 * debian/changelog: fix entry for 2.7.5+dfsg-3 to properly close 746594. See also https://tracker.moodle.org/browse/MDL-45395 . Thanks Dan Poltawski e.a. -- Joost van Baal-Ilić <email address hidden> Mon, 21 Sep 2015 09:52:15 +0200
Upload details
- Uploaded by:
- Moodle Packaging Team
- Uploaded to:
- Sid
- Original maintainer:
- Moodle Packaging Team
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
moodle_2.7.10+dfsg-1.dsc | 1.7 KiB | 938854a7282e581ddbcb58e90cbb5e2d30abe89f93e3e073ccc70b2cd2358b21 |
moodle_2.7.10+dfsg.orig.tar.gz | 33.4 MiB | 7402c5dd3cd490d7747a6da7955e3de2e99933ede743e7b6cf68d9c02c92fa1b |
moodle_2.7.10+dfsg-1.debian.tar.xz | 68.9 MiB | 460bacfd431b6adc1eab608f0a33640d0be4055f2f2fc3ee626f5752a67fa7f5 |
Available diffs
- diff from 2.7.9+dfsg-1 to 2.7.10+dfsg-1 (28.3 KiB)
No changes file available.
Binary packages built by this source
- moodle: course management system for online learning
Moodle (Modular Object-Oriented Dynamic Learning Environment) is a course
management system - a software package designed to help educators create
quality online courses. One of the main advantages of Moodle over other
systems is a strong grounding in social constructionist pedagogy.