Your message dated Sat, 30 Sep 2006 05:02:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#390294: fixed in moodle 1.6.2+20060930-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: moodle
Version: 1.6.2-1
Severity: critical
Justification: serious security hole; SQL injection
Tags: security patch
----- Forwarded message from Martin Dougiamas <[EMAIL PROTECTED]> -----
To: [EMAIL PROTECTED]
Subject: Security vulnerability found in Moodle 1.6 (blog/index.php)
Date: Sat, 30 Sep 2006 05:56:49 +0800
From: Martin Dougiamas <[EMAIL PROTECTED]>
Reply-To: Do not reply to this email <[EMAIL PROTECTED]>
X-Mailer: PHPMailer [version Moodle 2006050521]
Hi, Moodlers!
You are receiving this email because you chose to receive notifications from
moodle.org when you registered your Moodle site.
We would like you to know that a serious security vulnerability was just
discovered in all versions of Moodle 1.6 and later that allows SQL injection.
A quick one-line fix has already been added to CVS to patch this problem for
1.6.x and 1.7 versions.
Please update your servers using CVS as soon as possible, or edit the file
blog/index.php in your copy manually as described here:
http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
We'll also be releasing a Moodle 1.6.3 soon (but don't wait for it, patch your
servers NOW!)
Cheers and thanks for using Moodle,
Martin Dougiamas (Moodle Lead)
----- End forwarded message -----
--
Pelle
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.6.2+20060930-1
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.6.2+20060930-1.diff.gz
to pool/main/m/moodle/moodle_1.6.2+20060930-1.diff.gz
moodle_1.6.2+20060930-1.dsc
to pool/main/m/moodle/moodle_1.6.2+20060930-1.dsc
moodle_1.6.2+20060930-1_all.deb
to pool/main/m/moodle/moodle_1.6.2+20060930-1_all.deb
moodle_1.6.2+20060930.orig.tar.gz
to pool/main/m/moodle/moodle_1.6.2+20060930.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Isaac Clerencia <[EMAIL PROTECTED]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 30 Sep 2006 12:14:29 +0100
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.2+20060930-1
Distribution: unstable
Urgency: high
Maintainer: Isaac Clerencia <[EMAIL PROTECTED]>
Changed-By: Isaac Clerencia <[EMAIL PROTECTED]>
Description:
moodle - Course Management System for Online Learning
Closes: 387609 389806 390294
Changes:
moodle (1.6.2+20060930-1) unstable; urgency=high
.
* Urgency high because it fixes a critical security hole
* New upstream release, closes: #390294, critical security hole
* Notify the user if the selected server isn't installed, select apache2
by default instead of apache, closes: #389806
* Add a configuration section for php5 in apache.conf, closes: #387609
Files:
05068a9b2d142c95c260c39889bb514d 679 web optional moodle_1.6.2+20060930-1.dsc
277ea1f26d5a8de2195834f801910935 7465932 web optional moodle_1.6.2+20060930.orig.tar.gz
42e166871f8b7b0333d85a8e37fc4c9f 15629 web optional moodle_1.6.2+20060930-1.diff.gz
94cb4815eeafdbde138f88fd8ed30e18 6528442 web optional moodle_1.6.2+20060930-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Signed by Isaac Clerencia <[EMAIL PROTECTED]>
iD8DBQFFHlYeQET2GFTmct4RAmzIAJ9BYOG/SjZHD8nKQaQO35ZjGk8x5QCgo7nQ
Q+7q9KhuI6qw3tEOdU5SU+w=
=rUa1
-----END PGP SIGNATURE-----
--- End Message ---