moodle 2.7.10+dfsg-1 source package in Ubuntu
Changelog
moodle (2.7.10+dfsg-1) unstable; urgency=high
* New upstream security release, released Sept 21, 2015. Note that the
upstream 2.7 branch is now supported for security fixes only until May 2017
(LTS). Security issues fixed:
- MSA-15-0030: Students can re-attempt answering questions in the lesson,
Reported by Eric Eakin, MDL-50516, CVE-2015-5264
- MSA-15-0031: Teacher in forum can still post to "all participants" and
groups they are not members of, Reported by David Scotson, MDL-50576,
CVE-2015-5272
- MSA-15-0032: Users can delete files uploaded by other users in wiki,
Reported by John Provasnik, MDL-48371, CVE-2015-5265
- MSA-15-0033: Meta course synchronisation enrols suspended students as
managers for a short period of time, Reported by Brian Winstead,
MDL-50744, CVE-2015-5266
- MSA-15-0034: Vulnerability in password recovery mechanism, Reported by
Vincent Herbulot (@us3r777), MDL-50860, CVE-2015-5267
- MSA-15-0035: Rating component does not check separate groups, Reported by
Juan Leyva, MDL-50173, CVE-2015-5268
- MSA-15-0036: XSS in grouping description, Reported by Marina Glancy,
MDL-50709, CVE-2015-5269
See the 21 Sep 2015 post from Marina Glancy at
http://www.openwall.com/lists/oss-security/2015/09/21/1 for more details on
these fixed security issues. Some other fixes and improvements: MDL-51050
- Forms such as "Create new group" are no longer populated with passwords
and usernames by the browsers; MDL-42670 - Recent activity block no longer
shows student name when assignment blind marking is on. See
https://docs.moodle.org/dev/Moodle_2.7.10_release_notes for more details.
Thanks Salvatore Bonaccorso and Thijs Kinkhorst for forwarding the news.
Closes: #799634
* debian/source/lintian-overrides: add comment/comment.js, some
lib/yuilib/3.15.0/**/*-debug.js and
lib/yuilib/2in3/2.9.0/build/yui2-*/*-debug.js files to list of false
positives "source-is-missing". Bug #799861 reported against lintian.
* debian/copyright: clarify license situation of
lib/pear/HTML/QuickForm/DHTMLRulesTableless.php and
lib/pear/HTML/QuickForm/Renderer/Tableless.php. Thanks
Ondřej Surý and Paul Tagliamonte. Closes: #752615
* debian/control: no longer depend upon libphp-pclzip. This dependency was
actually no longer needed since 2.7.5+dfsg-3, when phpexcel got removed.
Thanks David Prévot. Closes: #749609
* debian/changelog: fix entry for 2.7.5+dfsg-3 to properly close 746594.
See also https://tracker.moodle.org/browse/MDL-45395 . Thanks Dan Poltawski
e.a.
-- Joost van Baal-Ilić <email address hidden> Mon, 21 Sep 2015 09:52:15 +0200
Upload details
- Uploaded by:
- Moodle Packaging Team
- Uploaded to:
- Sid
- Original maintainer:
- Moodle Packaging Team
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| moodle_2.7.10+dfsg-1.dsc | 1.7 KiB | 938854a7282e581ddbcb58e90cbb5e2d30abe89f93e3e073ccc70b2cd2358b21 |
| moodle_2.7.10+dfsg.orig.tar.gz | 33.4 MiB | 7402c5dd3cd490d7747a6da7955e3de2e99933ede743e7b6cf68d9c02c92fa1b |
| moodle_2.7.10+dfsg-1.debian.tar.xz | 68.9 MiB | 460bacfd431b6adc1eab608f0a33640d0be4055f2f2fc3ee626f5752a67fa7f5 |
Available diffs
- diff from 2.7.9+dfsg-1 to 2.7.10+dfsg-1 (28.3 KiB)
No changes file available.
Binary packages built by this source
- moodle: course management system for online learning
Moodle (Modular Object-Oriented Dynamic Learning Environment) is a course
management system - a software package designed to help educators create
quality online courses. One of the main advantages of Moodle over other
systems is a strong grounding in social constructionist pedagogy.
