Your message dated Fri, 22 May 2015 09:36:17 +0000 with message-id <e1yvjnj-0008as...@franck.debian.org> and subject line Bug#785591: fixed in moodle 2.7.8+dfsg-1 has caused the Debian Bug report #785591, regarding moodle: CVE-2015-3174 CVE-2015-3175 CVE-2015-3176 CVE-2015-3177 CVE-2015-3178 CVE-2015-3179 CVE-2015-3180 CVE-2015-3181 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785591: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785591 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: moodle Version: 2.7.7+dfsg-1 Severity: grave Tags: security upstream fixed-upstream Hi, see http://www.openwall.com/lists/oss-security/2015/05/18/1 for details on the assigned CVEs. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: moodle Source-Version: 2.7.8+dfsg-1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Joost van Baal-Ilić <joos...@debian.org> (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 22 May 2015 10:34:59 +0200 Source: moodle Binary: moodle Architecture: source all Version: 2.7.8+dfsg-1 Distribution: unstable Urgency: high Maintainer: Moodle Packaging Team <pkg-moodle-maintain...@lists.alioth.debian.org> Changed-By: Joost van Baal-Ilić <joos...@debian.org> Description: moodle - course management system for online learning Closes: 785591 Changes: moodle (2.7.8+dfsg-1) unstable; urgency=high . * New upstream security release, released 11 May 2015. Note that the upstream 2.7 branch is now supported for security fixes only until May 2017 (LTS). Security issues fixed: - MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174 - MSA-15-0019: Possible phishing when redirecting to external site using referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175 - MSA-15-0020: User fullname disclosure through account confirmation link, Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176 - MSA-15-0022: Potential XSS risk when returning text entered by student from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178 - MSA-15-0023: Suspended user is able to login when confirming email, Reported by Marina Glancy, MDL-50090, CVE-2015-3179 - MSA-15-0024: User with suspended enrolment can see sections in the navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180 - MSA-15-0025: Capability to manage own files is not respected in Web Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181 See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more details on these fixed security issues. Some other fixes: MDL-48187 - Fixed problem with new items automatically marked as extra credit in SWM category in Gradebook; MDL-42449 - Grade category is preserved when duplicating a module; MDL-46746, MDL-47003, MDL-47002 - Atto editor HTML cleaning is less aggressive and more aware of special tags, especially noticeable when pasting text from Word. See the Moodle 2.7.8 release notes at https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details. Thanks Salvatore Bonaccorso. Closes: #785591 * debian/watch: fix syntax. Checksums-Sha1: eb9055f163fed3054e9d878e04fdb767e7520850 1718 moodle_2.7.8+dfsg-1.dsc 6470582154e0d7e23ef4ab3dbe2488d6c05869a5 34981459 moodle_2.7.8+dfsg.orig.tar.gz d00d994a2496b41439e53064f86d47ba1b499b4a 72212028 moodle_2.7.8+dfsg-1.debian.tar.xz 66f202c0389e183ee4db42c695310a0c2d705cce 15450552 moodle_2.7.8+dfsg-1_all.deb Checksums-Sha256: 33d08ee85d90c96f42387cffd89e4e4036ce91739ed962d4a5c17a91c41c93af 1718 moodle_2.7.8+dfsg-1.dsc 5afff29f091fda2d58c1fb14ef3275d71a7fb6b04a8dafeae4ef3b5d752710da 34981459 moodle_2.7.8+dfsg.orig.tar.gz 92b635cbd1b2970ce87dbb0494e97db5a7028c367823226a1d0d67778f25312b 72212028 moodle_2.7.8+dfsg-1.debian.tar.xz e0df04a76e8d3c34fa450fdada97fb6ab68f3c44b73d5b75ed289190da9b07fb 15450552 moodle_2.7.8+dfsg-1_all.deb Files: 0180b967a361c103dcacce14d496ff22 1718 web optional moodle_2.7.8+dfsg-1.dsc ddafaae905a4aeb739c06d95f3ce8617 34981459 web optional moodle_2.7.8+dfsg.orig.tar.gz 063fe7d1015a55602accc664cf8a929d 72212028 web optional moodle_2.7.8+dfsg-1.debian.tar.xz 1137629d8c995a83ef7662fb23f02de9 15450552 web optional moodle_2.7.8+dfsg-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVXu1KAAoJEDNRenKl5rDIMqoH/1kovIN17Deq/UtzzG4GEuHA ZXOCZsoVtnq/E/H535QKtjp9lMm2AC1HZBdm3TeIemqWBTQfF+CJWIzLRllCNq4N SX0JDT7W1yfygCMfYrPexu8BkX8fnvdpFAOqz0yUwGaI9is83A+Y3wBrkmrxhi4N s0q24piLb4jBOzNQMROIMQ7TUILdTWR0w6+j7SgbrUQLPXmy/RVPIJhFL6blTPbF ZCZjFNil7Qox1GXCL31Ly1L0clcaaIcGAZNaE/CGREd3E6vF5YYFlDgHhMu3F7MI zxcksBrrvtOHJRA3+GNJqlzBr38A1MROQ5fCT3K/cO9YoIPuw8RMNjUVO+pzSdw= =g4HD -----END PGP SIGNATURE-----
--- End Message ---
