Your message dated Thu, 02 Apr 2009 05:47:15 +0000
with message-id <e1lpflj-0007lq...@ries.debian.org>
and subject line Bug#522116: fixed in moodle 1.8.2.dfsg-5
has caused the Debian Bug report #522116,
regarding CVE-2009-1171: File disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
522116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522116
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: moodle
Severity: grave
Tags: security
Issue:
http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt
Patch:
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
This is CVE-2009-1171
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages moodle depends on:
pn apache2-mpm-prefork | httpd <none> (no description available)
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
pn libapache2-mod-php5 | php5-cg <none> (no description available)
pn mimetex <none> (no description available)
pn php5-cli <none> (no description available)
pn php5-curl <none> (no description available)
pn php5-gd <none> (no description available)
pn php5-pgsql | php5-mysql <none> (no description available)
pn postgresql-client <none> (no description available)
ii ucf 3.0018 Update Configuration File: preserv
pn wwwconfig-common <none> (no description available)
Versions of packages moodle recommends:
pn postgresql | mysql-server <none> (no description available)
moodle suggests no packages.
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.8.2.dfsg-5
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.8.2.dfsg-5.diff.gz
to pool/main/m/moodle/moodle_1.8.2.dfsg-5.diff.gz
moodle_1.8.2.dfsg-5.dsc
to pool/main/m/moodle/moodle_1.8.2.dfsg-5.dsc
moodle_1.8.2.dfsg-5_all.deb
to pool/main/m/moodle/moodle_1.8.2.dfsg-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francois Marier <franc...@debian.org> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 02 Apr 2009 18:18:02 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.8.2.dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <moodle-packag...@catalyst.net.nz>
Changed-By: Francois Marier <franc...@debian.org>
Description:
moodle - Course Management System for Online Learning
Closes: 522116
Changes:
moodle (1.8.2.dfsg-5) unstable; urgency=high
.
* Fix arbitrary file disclosure via abusing $$ in LaTeX
mode if mimetex is not used (CVE-2009-1171; Closes: #522116).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknUTKAACgkQScUZKBnQNIaPEQCeKCk9evfdyFkj3attjHqVM9DF
1qAAn2cke/jnI077a7IGpBWCt/J8dXSu
=qJAb
-----END PGP SIGNATURE-----
--- End Message ---