Control: retitle -1 tpu: package moodle/2.2.3.dfsg-2.6~wheezy2 (CC'ing the security team for information)
Hi Tomasz, and thanks for this upload proposal,

On Tuesday, 15 January 2013 22.35:54, Tomasz Muras wrote:
> Please unblock package moodle
>
> I am about to get a new version of the package uploaded to
> testing-proposed-updates. The new version fixes security issues from
> upstream release.

I will sponsor this upload once and if it gets accepted by the release team.

> diff -Nru moodle-2.2.3.dfsg/debian/changelog > moodle-2.2.3.dfsg/debian/changelog > --- moodle-2.2.3.dfsg/debian/changelog 2012-12-31 18:26:26.000000000 > +0100 > +++ moodle-2.2.3.dfsg/debian/changelog 2013-01-15 22:29:57.000000000 > +0100
> @@ -1,3 +1,17 @@ > +moodle (2.2.3.dfsg-2.6~wheezy2) testing-proposed-updates; urgency=low > + > + * Backport security issues from upstream Moodle 2.2.7. > + * MSA-13-0009: MDL-37467 - blog posts available via RSS after > blogging disabled > + * MSA-13-0007: MDL-36600 - course message sending CSRF > + * MSA-13-0001: MDL-37283 - lack of sanitization for google > spellchecker + * MSA-13-0003: MDL-36977 - moodle backup paths not > validated properly + * MSA-13-0002: MDL-27619 - teachers can set > outcomes to be standard when re-editing > + * MSA-13-0004: MDL-33340 - activity report showing lastaccess even > if field hidden > + * MSA-13-0008: MDL-36620 - guest users can access RSS feed for site > level blogs > + * MSA-13-0005: MDL-35991 - open redirect issues > + > + -- Tomasz Muras <nexor1...@gmail.com> Tue, 15 Jan 2013 20:43:50 +0100 > +

Please include the CVEs in the changelog entry, as done for the latest entry: they are important for tracking security problems. They are available in the mail I forwarded to you in private (CVE-2012-6098 to CVE-2012-6106).

Please also prepare an update of Moodle 2.2.6+ for unstable to ensure that unstable gets the fixes targeted for Wheezy too. As unstable already diverged from the wheezy version, I think updating the unstable packaging to the latest 2.2 version is safe. I will also sponsor this version (after review, of course).

Cheers,

OdyX
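
Review bot: the bullets in the new 2.2.3.dfsg-2.6~wheezy2 changelog entry identify each fix only by MSA and MDL number, with no CVE id on any of them, and the list runs MSA-13-0001 to -0005 and -0007 to -0009 with no MSA-13-0006. Add the matching CVE id to each bullet; the range given in the reply (CVE-2012-6098 to CVE-2012-6106) spans nine ids against eight bullets, so also confirm which advisory the remaining id belongs to and note in the entry whether it affects this version or was left out. The first bullet would read more accurately as "Backport security fixes from upstream Moodle 2.2.7", since the fixes are what is being backported.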