Bug#775842: [moodle-packaging] Bug#775842: moodle: Multiple security issues

Fri, 13 Feb 2015 06:24:59 -0800 

Hi,

Op Tue, Jan 20, 2015 at 05:15:13PM +0100 schreef Moritz Muehlenhoff:
> Package: moodle
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> The current Moodle package in the archive is affected by multiple security 
> issues:
> 
> Cheers,
>         Moritz
> 
> https://security-tracker.debian.org/tracker/CVE-2015-0218
> https://security-tracker.debian.org/tracker/CVE-2015-0217
> https://security-tracker.debian.org/tracker/CVE-2015-0216
> https://security-tracker.debian.org/tracker/CVE-2015-0215
> https://security-tracker.debian.org/tracker/CVE-2015-0214
> https://security-tracker.debian.org/tracker/CVE-2015-0213
> https://security-tracker.debian.org/tracker/CVE-2015-0212
> https://security-tracker.debian.org/tracker/CVE-2015-0211
> https://security-tracker.debian.org/tracker/CVE-2014-9059
> https://security-tracker.debian.org/tracker/CVE-2014-7848
> https://security-tracker.debian.org/tracker/CVE-2014-7847
> https://security-tracker.debian.org/tracker/CVE-2014-7846
> https://security-tracker.debian.org/tracker/CVE-2014-7845
> https://security-tracker.debian.org/tracker/CVE-2014-7838
> https://security-tracker.debian.org/tracker/CVE-2014-7837
> https://security-tracker.debian.org/tracker/CVE-2014-7836
> https://security-tracker.debian.org/tracker/CVE-2014-7835
> https://security-tracker.debian.org/tracker/CVE-2014-7834
> https://security-tracker.debian.org/tracker/CVE-2014-7833
> https://security-tracker.debian.org/tracker/CVE-2014-7832
> https://security-tracker.debian.org/tracker/CVE-2014-7831
> https://security-tracker.debian.org/tracker/CVE-2014-7830
> https://security-tracker.debian.org/tracker/CVE-2014-4172
> https://security-tracker.debian.org/tracker/CVE-2014-3617
> https://security-tracker.debian.org/tracker/CVE-2014-3553
> https://security-tracker.debian.org/tracker/CVE-2014-3551
> https://security-tracker.debian.org/tracker/CVE-2014-3548
> https://security-tracker.debian.org/tracker/CVE-2014-3547
> https://security-tracker.debian.org/tracker/CVE-2014-3546
> https://security-tracker.debian.org/tracker/CVE-2014-3545
> https://security-tracker.debian.org/tracker/CVE-2014-3544
> https://security-tracker.debian.org/tracker/CVE-2014-3543
> https://security-tracker.debian.org/tracker/CVE-2014-3542
> https://security-tracker.debian.org/tracker/CVE-2014-3541
> https://security-tracker.debian.org/tracker/CVE-2014-2054
> https://security-tracker.debian.org/tracker/CVE-2013-3630

These issues indeed are not listed to be fixed in moodle_2.7.5+dfsg-2 which is
currently in unstable.  I'll upload a new version which explicitly lists the
CVE's fixed in upstream 2.7.5.

For the record, on
https://security-tracker.debian.org/tracker/source-package/moodle, as of today,
only

 CVE-2014-4172
 CVE-2014-2054
 CVE-2013-3630

are still listed as unfixed in 2.7.5+dfsg-2.

Thanks for your time.

Bye,

Joost

Attachment: signature.asc
Description: Digital signature

Reply via email to