Francois Marier wrote: > (Please CC me on your replies, thanks!) > > Hello, > > Moodle 1.8.8 was recently released and it fixes a number of security issues > which are present in the current lenny moodle package. > > Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these > vulnerabilities: > > * Delete unused (but vulnerable) Spellchecker plugin to htmlarea > (MSA-09-0005, CVE-2008-5153) > * Hide images of deleted users (MSA-09-0001) > * Fix user pix disclosure (MSA-09-0002) > * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004) > * Fix XSS vulnerabilities in logs (MSA-09-0007) > * Fix CSRF vulnerability in forum code (MSA-09-0008) > > After talking to the testing security team, I have uploaded this package to > unstable with the hope that it will be unblocked for lenny.
unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
