* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-10-06 12:05:21 CEST]:
> On Mon, October 6, 2008 11:12, Gerfried Fuchs wrote:
> > Copy to debian-release because this question is rather a question to
> > the release team, even though it's extremely late and hope is pretty low
> > ...
> >
> > * Thijs Kink
On Mon, October 6, 2008 11:12, Gerfried Fuchs wrote:
> Hi!
>
>
> Copy to debian-release because this question is rather a question to
> the release team, even though it's extremely late and hope is pretty low
> ...
>
>
> * Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-03-19 20:15:43 CET]:
>
>> On Wedne
Hi!
Copy to debian-release because this question is rather a question to
the release team, even though it's extremely late and hope is pretty low
...
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-03-19 20:15:43 CET]:
> On Wednesday 19 March 2008 18:45, Christian Perrier wrote:
> > So, woul
On Wednesday 19 March 2008 18:45, Christian Perrier wrote:
> So, would an NMU *not* covering the security issue interfere with a
> security update ?
>
> Again, I'd be happy to do the ecurity update but I need a patch. I
> tried to have a look at the issue but it requires skills I don't have.
You w
Quoting Christian Perrier ([EMAIL PROTECTED]):
> > That means that there's no immediate security problem fortunately, but that
> > still leaves the problem of removing the embedded smarty code before this
> > package can be released.
> >
> > As only this one file uses it, either removing it fro
Quoting Thijs Kinkhorst ([EMAIL PROTECTED]):
> I've checked this file out in detail, and it doesn't use the vulnerable
> function of this Smarty security bug.
>
> That means that there's no immediate security problem fortunately, but that
> still leaves the problem of removing the embedded smar
On Sunday 16 March 2008 13:36, you wrote:
> Hi Martin,
>
> On Sunday 16 March 2008 12:56, Martin Dougiamas wrote:
> > Actually Moodle doesn't even use smarty (we were going to but we
> > didn't) so this can be completely removed from the code base without
> > any effect. I'll remove it upstream t
Hi Martin,
On Sunday 16 March 2008 12:56, Martin Dougiamas wrote:
> Actually Moodle doesn't even use smarty (we were going to but we
> didn't) so this can be completely removed from the code base without
> any effect. I'll remove it upstream too.
>
> Is it still a security problem to have the sc
Actually Moodle doesn't even use smarty (we were going to but we
didn't) so this can be completely removed from the code base without
any effect. I'll remove it upstream too.
Is it still a security problem to have the script there if we don't use it?
Cheers,
Martin
On 16/03/2008, Thijs Kinkh
Package: moodle
Severity: grave
Tags: security patch
Hi,
A security issue has been discovered in Smarty which is also shipped as part
of Moodle:
| The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
| by Serendipity (S9Y) and other products, allows attackers to call
| arbitra
10 matches
Mail list logo
