Hi, Op Tue, Jan 20, 2015 at 05:15:13PM +0100 schreef Moritz Muehlenhoff: > Package: moodle > Severity: grave > Tags: security > Justification: user security hole > > The current Moodle package in the archive is affected by multiple security > issues: > > Cheers, > Moritz > > https://security-tracker.debian.org/tracker/CVE-2015-0218 > https://security-tracker.debian.org/tracker/CVE-2015-0217 > https://security-tracker.debian.org/tracker/CVE-2015-0216 > https://security-tracker.debian.org/tracker/CVE-2015-0215 > https://security-tracker.debian.org/tracker/CVE-2015-0214 > https://security-tracker.debian.org/tracker/CVE-2015-0213 > https://security-tracker.debian.org/tracker/CVE-2015-0212 > https://security-tracker.debian.org/tracker/CVE-2015-0211 > https://security-tracker.debian.org/tracker/CVE-2014-9059 > https://security-tracker.debian.org/tracker/CVE-2014-7848 > https://security-tracker.debian.org/tracker/CVE-2014-7847 > https://security-tracker.debian.org/tracker/CVE-2014-7846 > https://security-tracker.debian.org/tracker/CVE-2014-7845 > https://security-tracker.debian.org/tracker/CVE-2014-7838 > https://security-tracker.debian.org/tracker/CVE-2014-7837 > https://security-tracker.debian.org/tracker/CVE-2014-7836 > https://security-tracker.debian.org/tracker/CVE-2014-7835 > https://security-tracker.debian.org/tracker/CVE-2014-7834 > https://security-tracker.debian.org/tracker/CVE-2014-7833 > https://security-tracker.debian.org/tracker/CVE-2014-7832 > https://security-tracker.debian.org/tracker/CVE-2014-7831 > https://security-tracker.debian.org/tracker/CVE-2014-7830 > https://security-tracker.debian.org/tracker/CVE-2014-4172 > https://security-tracker.debian.org/tracker/CVE-2014-3617 > https://security-tracker.debian.org/tracker/CVE-2014-3553 > https://security-tracker.debian.org/tracker/CVE-2014-3551 > https://security-tracker.debian.org/tracker/CVE-2014-3548 > https://security-tracker.debian.org/tracker/CVE-2014-3547 > https://security-tracker.debian.org/tracker/CVE-2014-3546 > https://security-tracker.debian.org/tracker/CVE-2014-3545 > https://security-tracker.debian.org/tracker/CVE-2014-3544 > https://security-tracker.debian.org/tracker/CVE-2014-3543 > https://security-tracker.debian.org/tracker/CVE-2014-3542 > https://security-tracker.debian.org/tracker/CVE-2014-3541 > https://security-tracker.debian.org/tracker/CVE-2014-2054 > https://security-tracker.debian.org/tracker/CVE-2013-3630
These issues indeed are not listed to be fixed in moodle_2.7.5+dfsg-2 which is currently in unstable. I'll upload a new version which explicitly lists the CVE's fixed in upstream 2.7.5. For the record, on https://security-tracker.debian.org/tracker/source-package/moodle, as of today, only CVE-2014-4172 CVE-2014-2054 CVE-2013-3630 are still listed as unfixed in 2.7.5+dfsg-2. Thanks for your time. Bye, Joost
signature.asc
Description: Digital signature