Bug#429339: marked as done (Needs to use libphp-phpmailer)
Your message dated Mon, 09 Feb 2009 21:35:43 +
with message-id e1lwdn5-0003db...@ries.debian.org
and subject line Bug#429339: fixed in moodle 1.6.3-2+etch1
has caused the Debian Bug report #429339,
regarding Needs to use libphp-phpmailer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
429339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: moodle
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package to use the
system-wide library. Otherwise it requires too much overhead whenever a
vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: lang=de_de.ut...@euro, lc_ctype=de_de.ut...@euro (charmap=UTF-8)

---End Message---
---BeginMessage---
Source: moodle
Source-Version: 1.6.3-2+etch1

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:

moodle_1.6.3-2+etch1.diff.gz
  to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz
moodle_1.6.3-2+etch1.dsc
  to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc
moodle_1.6.3-2+etch1_all.deb
  to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 429...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier franc...@debian.org (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

Format: 1.7
Date: Wed, 17 Dec 2008 14:38:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch1
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz
Changed-By: Francois Marier franc...@debian.org
Description:
 moodle - Course Management System for Online Learning
Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593
Changes:
 moodle (1.6.3-2+etch1) stable-security; urgency=high
 .
   * Adopt orphaned package (closes: #494642)
 .
   [ Francois Marier ]
   * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066,
     CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345)
   * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
   * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492)
   * Patch CSRF in edit profile page (CVE-2008-3325)
   * Patch XSS bug in kses (CVE-2008-1502, closes: #489533)
   * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264)
   * Patch security bug in the embedded (and customised) copy of phpmailer
     (CVE-2007-3215, closes: #429339, #429190)
 .
   [ Dan Poltawski ]
   * Patch SQL injection bug in hotpot module (MSA-08-0010)
   * Patch privilege escalation bug in moodle core (MSA-08-0001)
   * Patch CSRF bug in message settings page (MSA-08-0023)
   * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593)
   * Patch XSS bug in string cleaning functions (MSA-08-0021)
   * Patch XSS bug in RSS feeds
   * Fix parameter cleaning in forum user page
   * Fix critical security hole which allows any user to reset a users
     password (MDL-7755)
   * Fix XSS bug in login block (MDL-8849)
   * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
   * Fix XSS bug in logged urls (MDL-11414)
   * Fix uncleaned params in wiki (MDL-14806)
   * Fix text cleaning (MDL-10276)

---End Message---
Bug#429339: marked as done (Needs to use libphp-phpmailer)
Your message dated Sat, 03 Jan 2009 19:52:25 +
with message-id e1ljcxp-z8...@ries.debian.org
and subject line Bug#429339: fixed in moodle 1.6.3-2+etch1
has caused the Debian Bug report #429339,
regarding Needs to use libphp-phpmailer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
429339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: moodle
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package to use the
system-wide library. Otherwise it requires too much overhead whenever a
vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: lang=de_de.ut...@euro, lc_ctype=de_de.ut...@euro (charmap=UTF-8)

---End Message---
---BeginMessage---
Source: moodle
Source-Version: 1.6.3-2+etch1

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:

moodle_1.6.3-2+etch1.diff.gz
  to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz
moodle_1.6.3-2+etch1.dsc
  to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc
moodle_1.6.3-2+etch1_all.deb
  to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 429...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier franc...@debian.org (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

Format: 1.7
Date: Wed, 17 Dec 2008 14:38:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch1
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz
Changed-By: Francois Marier franc...@debian.org
Description:
 moodle - Course Management System for Online Learning
Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593
Changes:
 moodle (1.6.3-2+etch1) stable-security; urgency=high
 .
   * Adopt orphaned package (closes: #494642)
 .
   [ Francois Marier ]
   * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066,
     CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345)
   * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
   * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492)
   * Patch CSRF in edit profile page (CVE-2008-3325)
   * Patch XSS bug in kses (CVE-2008-1502, closes: #489533)
   * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264)
   * Patch security bug in the embedded (and customised) copy of phpmailer
     (CVE-2007-3215, closes: #429339, #429190)
 .
   [ Dan Poltawski ]
   * Patch SQL injection bug in hotpot module (MSA-08-0010)
   * Patch privilege escalation bug in moodle core (MSA-08-0001)
   * Patch CSRF bug in message settings page (MSA-08-0023)
   * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593)
   * Patch XSS bug in string cleaning functions (MSA-08-0021)
   * Patch XSS bug in RSS feeds
   * Fix parameter cleaning in forum user page
   * Fix critical security hole which allows any user to reset a users
     password (MDL-7755)
   * Fix XSS bug in login block (MDL-8849)
   * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
   * Fix XSS bug in logged urls (MDL-11414)
   * Fix uncleaned params in wiki (MDL-14806)
   * Fix text cleaning (MDL-10276)

---End Message---
Bug#429339: marked as done (Needs to use libphp-phpmailer)
Your message dated Fri, 07 Nov 2008 03:02:12 +
with message-id [EMAIL PROTECTED]
and subject line Bug#429339: fixed in moodle 1.8.2-2
has caused the Debian Bug report #429339,
regarding Needs to use libphp-phpmailer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
429339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429339
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: moodle
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package to use the
system-wide library. Otherwise it requires too much overhead whenever a
vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

---End Message---
---BeginMessage---
Source: moodle
Source-Version: 1.8.2-2

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:

moodle_1.8.2-2.diff.gz
  to pool/main/m/moodle/moodle_1.8.2-2.diff.gz
moodle_1.8.2-2.dsc
  to pool/main/m/moodle/moodle_1.8.2-2.dsc
moodle_1.8.2-2_all.deb
  to pool/main/m/moodle/moodle_1.8.2-2_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier [EMAIL PROTECTED] (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Fri, 07 Nov 2008 08:24:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team [EMAIL PROTECTED]
Changed-By: Francois Marier [EMAIL PROTECTED]
Description:
 moodle - Course Management System for Online Learning
Closes: 408995 417554 425839 429190 429339 432264 469094 471158 488525 489533 489634 492492 494642 496069 504235 504345
Changes:
 moodle (1.8.2-2) unstable; urgency=high
 .
   * Adopt orphaned package (closes: #494642)
   * Acknowledge security NMU (closes: #489533, #432264)
   * Add Vcs-* fields to debian/control
 .
   Release-critical and security bugs:
 .
   * Depend on smarty instead of using the embedded copy that is shipped
     with Moodle (closes: #471158, #488525, #504345)
   * Patch security bug in the embedded (and customised) copy of phpmailer
     (CVE-2007-3215, closes: #429339, #429190)
   * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
   * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
   * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)
 .
   Trivial bug fixes:
 .
   * Depend on zip (closes: #408995)
   * Add mysql-client as an alternative to postgresql-client
     (closes: #417554, #469094)
   * Recommend php5-ldap (closes: #425839)
   * Delete unnecessary script with bashisms (closes: #489634)
 .
   Lintian warnings:
 .
   * Bump Standards-Version to 3.8.0
   * Add homepage field to debian/control
   * Remove cvsignore file
   * Remove extra license file
   * Depend on yui instead of using an embedded copy

---End