Your message dated Sun, 08 Jan 2006 09:33:31 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#346509: fixed in moodle 1.5.3+20060108-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Jan 2006 15:44:48 +0000
>From [EMAIL PROTECTED] Sun Jan 08 07:44:48 2006
Return-path: <[EMAIL PROTECTED]>
Received: from mx.eteo.mondragon.edu ([193.146.78.131])
by spohr.debian.org with esmtp (Exim 4.50)
id 1Evciu-0000sq-Ia
for [EMAIL PROTECTED]; Sun, 08 Jan 2006 07:44:48 -0800
Received: by mx.eteo.mondragon.edu (Postfix, from userid 0)
id 080BCB6A3; Sun, 8 Jan 2006 16:44:43 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
From: Inaki Arenaza <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: moodle: AdoDB security bug, as distributed with Moodle
X-Mailer: reportbug 3.8
Date: Sun, 08 Jan 2006 16:44:43 +0100
Message-Id: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: quoted-printable
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: moodle
Version: 1.5.3-1
Severity: grave
Justification: user security hole
There is a know security bug in the AdoDB libraries distributed as part
of Moodle, in the 1.5.x series at least. This has been fixed in the
1.5.3+ release as of 2006.01.06, as can be seen here:
http://security.moodle.org/mod/forum/discuss.php?d=3D210
Saludos. I=F1aki.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.10
Locale: LANG=3DC, LC_CTYPE=3DC (charmap=3DANSI_X3.4-1968)
Versions of packages moodle depends on:
ii apache [httpd] 1.3.33-6sarge1 versatile, high-performance =
HTTP s
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration managem=
ent sy
ii mimetex 1.50-1 LaTeX math expressions to an=
ti-ali
ii php4 4:4.3.10-16 server-side, HTML-embedded s=
cripti
ii php4-gd 4:4.3.10-16 GD module for php4
ii php4-mysql 4:4.3.10-16 MySQL module for php4
ii wget 1.9.1-12 retrieves files from the web
ii wwwconfig-common 0.0.43 Debian web auto configuratio=
n
-- debconf information excluded
---------------------------------------
Received: (at 346509-close) by bugs.debian.org; 8 Jan 2006 17:41:16 +0000
>From [EMAIL PROTECTED] Sun Jan 08 09:41:16 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EveQ7-0001Bv-Id; Sun, 08 Jan 2006 09:33:31 -0800
From: Isaac Clerencia <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#346509: fixed in moodle 1.5.3+20060108-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 08 Jan 2006 09:33:31 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3
Source: moodle
Source-Version: 1.5.3+20060108-1
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.5.3+20060108-1.diff.gz
to pool/main/m/moodle/moodle_1.5.3+20060108-1.diff.gz
moodle_1.5.3+20060108-1.dsc
to pool/main/m/moodle/moodle_1.5.3+20060108-1.dsc
moodle_1.5.3+20060108-1_all.deb
to pool/main/m/moodle/moodle_1.5.3+20060108-1_all.deb
moodle_1.5.3+20060108.orig.tar.gz
to pool/main/m/moodle/moodle_1.5.3+20060108.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Isaac Clerencia <[EMAIL PROTECTED]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 8 Jan 2006 17:09:57 +0100
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.5.3+20060108-1
Distribution: unstable
Urgency: low
Maintainer: Isaac Clerencia <[EMAIL PROTECTED]>
Changed-By: Isaac Clerencia <[EMAIL PROTECTED]>
Description:
moodle - Course Management System for Online Learning
Closes: 342304 345930 346509
Changes:
moodle (1.5.3+20060108-1) unstable; urgency=low
.
* New package created from 1.5.3+ branch, which closes: #346509, a
security bug in the ADODB code included in Moodle
* Check for /usr/share/moodle/admin/cron.php existence in the cronjob,
closes: #342304
* Use php4-cli instead of wget to run the cronjob, closes: #345930
Files:
42a7a158d386b47ebbec8eba9f606c7b 660 web optional moodle_1.5.3+20060108-1.dsc
1c9a633b7f18d6e78f57c2c091e64e8b 14987969 web optional
moodle_1.5.3+20060108.orig.tar.gz
58ba6e218482efa66021f133e2a82eb2 11971 web optional
moodle_1.5.3+20060108-1.diff.gz
31b2ac554503fb07af962afef0f0e959 14178582 web optional
moodle_1.5.3+20060108-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Signed by Isaac Clerencia <[EMAIL PROTECTED]>
iD4DBQFDwTv7QET2GFTmct4RAlAzAJ4pvSwVgnsjmAmYVYeL5xUKEFu9GACXZN1W
vH5LW3DUS0B5oM+zhCNQ2w==
=mGcp
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
