Package: moodle
Version: 1.6.2-1
Severity: critical
Justification: serious security hole; SQL injection
Tags: security patch

----- Forwarded message from Martin Dougiamas <[EMAIL PROTECTED]> -----

To: [EMAIL PROTECTED]
Subject: Security vulnerability found in Moodle 1.6 (blog/index.php)
Date: Sat, 30 Sep 2006 05:56:49 +0800
From: Martin Dougiamas <[EMAIL PROTECTED]>
Reply-To: Do not reply to this email <[EMAIL PROTECTED]>
X-Mailer: PHPMailer [version Moodle 2006050521]

Hi, Moodlers!

You are receiving this email because you chose to receive notifications from moodle.org when you registered your Moodle site.

We would like you to know that a serious security vulnerability was just discovered in all versions of Moodle 1.6 and later that allows SQL injection.

A quick one-line fix has already been added to CVS to patch this problem for 1.6.x and 1.7 versions. Please update your servers using CVS as soon as possible, or edit the file blog/index.php in your copy manually as described here:

http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3

We'll also be releasing a Moodle 1.6.3 soon (but don't wait for it, patch your servers NOW!)

Cheers and thanks for using Moodle,
Martin Dougiamas (Moodle Lead)

----- End forwarded message -----

--
Pelle