Le vendredi, 20 juillet 2012 20.56:21, Tomasz Muras a écrit : > Those are fixes from upstream Moodle 2.2.4, correct? > If so, then I think that some more patches are required, those are not > covered: > MDL-31692 (CVE-2012-3389) > MDL-32126 (CVE-2012-3398) > MDL-33916 (CVE-2012-3388) > MDL-32199 (CVE-2012-3391) > MDL-31460 (CVE-2012-3392) > MDL-32155 (CVE-2012-3390)
Hi Thomas, The patches were directly cherry-picked from upstream's MOODLE_22_STABLE branch, so yes. > We should update your current package & submit it once. Would you like > to update it? (I would be grateful) I most probably won't have time before Wednesday evening but would be willing to get those CVE fixed too. For now, I propose to just let my NMU enter the archive and upload these other CVE fixes later, no? (By the way, this bug should also be fixed in the moodle version in stable.) Cheers, OdyX -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
