Your message dated Thu, 26 Jan 2006 12:56:15 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Security bug closed by previous release
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Nov 2005 10:20:00 +0000
>From [EMAIL PROTECTED] Fri Nov 11 02:20:00 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111]
helo=vserver151.vserver151.serverflex.de)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EaW0m-00025F-4X
for [EMAIL PROTECTED]; Fri, 11 Nov 2005 02:20:00 -0800
Received: from wlan-client-304.informatik.uni-bremen.de ([134.102.117.54]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1EaW0j-0001rF-Io
for [EMAIL PROTECTED]; Fri, 11 Nov 2005 11:19:57 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
id 1EaW0Z-0001RK-Rl; Fri, 11 Nov 2005 11:19:47 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: moodle: SQL injection vulnerability
X-Mailer: reportbug 3.17
Date: Fri, 11 Nov 2005 11:19:47 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.117.54
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: moodle
Severity: grave
Tags: security
Justification: user security hole
An SQL injection vulnerability has been found in Moodle. Please
see http://rgod.altervista.org/moodle16dev.html for more information
and a proof-of-concept exploit.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 338592-done) by bugs.debian.org; 26 Jan 2006 11:57:04 +0000
>From [EMAIL PROTECTED] Thu Jan 26 03:57:04 2006
Return-path: <[EMAIL PROTECTED]>
Received: from piedra.unizar.es ([155.210.11.65] ident=root)
by spohr.debian.org with esmtp (Exim 4.50)
id 1F25kN-0000KP-Sm
for [EMAIL PROTECTED]; Thu, 26 Jan 2006 03:57:04 -0800
Received: from [155.210.13.238] ([155.210.13.238])
by piedra.unizar.es (8.13.4/8.13.4) with ESMTP id k0QBumA3006703
for <[EMAIL PROTECTED]>; Thu, 26 Jan 2006 12:56:54 +0100
From: Isaac Clerencia <[EMAIL PROTECTED]>
Organization: Debian
To: [EMAIL PROTECTED]
Subject: Security bug closed by previous release
Date: Thu, 26 Jan 2006 12:56:15 +0100
User-Agent: KMail/1.9.1
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
X-Mail-Scanned: Criba 2.0 + Clamd & Spamassassin
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
Version: 1.5.3+20060108-1
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
