Bug#576189: moodle: upstream security fixes released

Thu, 01 Apr 2010 04:51:57 -0700 

Package: moodle
Version: 1.8.2.dfsg-3+lenny3
Severity: important
Tags: security
Justification: user security hole


Moodle 1.8.12 release notes
>From MoodleDocs

Release date: 27th March 2010 
 Security issues

    * MSA-10-0001 Vulnerability in KSES text cleaning
    * MSA-10-0002 XSS vulnerabilty in the phpcas module
    * MSA-10-0003 Disclosure of full user names
    * MSA-10-0005 Incorrect validation of forms data
    * MSA-10-0006 SQL injection in Wiki module
    * MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global 
Search Engine
    * MSA-10-0008 Persistent XSS when using Login-as feature
    * MSA-10-0009 Session fixation prevention now turned on by default 

http://docs.moodle.org/en/Moodle_1.8.12_release_notes

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (900, 'stable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE= (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages moodle depends on:
ii  apache2-mpm-prefor 2.2.9-10+lenny6       Apache HTTP Server - traditional n
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny8 server-side, HTML-embedded scripti
ii  mimetex            1.50-1+lenny1         LaTeX math expressions to anti-ali
ii  mysql-client-5.0 [ 5.0.51a-24+lenny3     MySQL database client binaries
ii  php5-cli           5.2.6.dfsg.1-1+lenny8 command-line interpreter for the p
ii  php5-curl          5.2.6.dfsg.1-1+lenny8 CURL module for php5
ii  php5-gd            5.2.6.dfsg.1-1+lenny8 GD module for php5
ii  php5-mysql         5.2.6.dfsg.1-1+lenny8 MySQL module for php5
ii  smarty             2.6.20-1.2            Template engine for PHP
ii  ucf                3.0016                Update Configuration File: preserv
ii  wwwconfig-common   0.1.2                 Debian web auto configuration
ii  yui                2.5.0-1               Yahoo User Interface Library
ii  zip                2.32-1                Archiver for .zip files

Versions of packages moodle recommends:
ii  mysql-server-5.0 [ 5.0.51a-24+lenny3     MySQL database server binaries
ii  php5-ldap          5.2.6.dfsg.1-1+lenny8 LDAP module for php5

moodle suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to