-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 02 Feb 2015 08:38:14 +0000 Source: moodle Binary: moodle Architecture: source all Version: 2.7.5+dfsg-1 Distribution: unstable Urgency: high Maintainer: Moodle Packaging Team <pkg-moodle-maintain...@lists.alioth.debian.org> Changed-By: Joost van Baal-Ilić <joos...@debian.org> Description: moodle - course management system for online learning Changes: moodle (2.7.5+dfsg-1) unstable; urgency=high . * New upstream security release: Moodle 2.7.5 release notes, Release date: 2 February, 2015: "A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version." "Here is the full list of fixed issues in 2.7.5: https://tracker.moodle.org/issues/?jql=project+%3D+mdl+AND+resolution+%3D+fixed+AND+fixVersion+in+%28%222.7.5%22%29+ORDER+BY+priority+DESC" See also https://docs.moodle.org/dev/Moodle_2.7.5_release_notes . . moodle (2.7.2+dfsg-3) experimental; urgency=medium . * Remove lib/tcpdf/include/sRGB.icc from upstream source since it does not allow modification (usually known as sRGB_IEC61966-2-1_black_scaled.icc). FWIW: this file was not installed by the Moodle 2.6.3 Debian package. * Remove lib/flowplayer/flowplayer.audio-3.2.11.swf since sources missing. * debian/rules: add preliminary target dfsg, with some comments. . moodle (2.7.2-2) experimental; urgency=medium . * debian/control: remove Thijs Kinkhorst from Uploaders, on his request. Thanks Thijs! * debian/source/include-binaries, debian/missing-sources: Added missing sources for - the Flowplayer video player from Flowplayer Ltd (http://flash.flowplayer.org/): flash-release_3_2_18.tar.gz for flowplayer-3.2.18.swf, flash-release_3_2_16.tar.gz for lib/flowplayer/flowplayer.controls-3.2.16.swf. Downloaded from https://github.com/flowplayer/flash/releases. - filter/tex/mimetex.linux and mimetex.freebsd NB: flowplayer-3.2.18.swf, flowplayer.controls-3.2.16.swf, mimetex.linux and mimetex.freebsd are not shipped with the binary Debian package. . moodle (2.7.2-1) unstable; urgency=medium . * This is a semi-public release. * New upstream release, fixing security issues: - MSA-14-0014 Cross-site request forgery possible in Assignment [CVE-2014-0213] - MSA-14-0015 Web service token expiry issue for MoodleMobile [CVE-2014-0214] - MSA-14-0016 Anonymous student identity revealed in Assignment [CVE-2014-0215] - MSA-14-0017 File access issue in HTML block [CVE-2014-0216] - MSA-14-0018 Information leak in courses [CVE-2014-0217] - MSA-14-0019 Reflected XSS in URL downloader repository [CVE-2014-0218] (See https://docs.moodle.org/dev/Moodle_2.7_release_notes#Security_issues) * debian/rules: remove extra license file lib/editor/atto/yui/src/rangy/js/license.txt. * debian/copyright: add MIT license, for Rangy library for the Atto editor. * debian/moodle.lintian-overrides: add embedded-php-library lib/markdown/Markdown.php: we can't use Debian's libmarkdown-php due to incompatibilities. * debian/moodle.lintian-overrides: add embedded-php-library lib/simplepie/library/SimplePie.php: we can't use Debian's libphp-simplepie due to incompatibilities. * debian/moodle.lintian-overrides: add embedded-php-library lib/yuilib/3.15.0/yui/yui-min.js: we can't use Debian's libjs-yui due to incompatibilities. * debian/moodle.lintian-overrides, debian/source/lintian-overrides: change lines like "moodle: embedded-javascript-library lib/editor/tinymce/tiny_mce/3.5.8/tiny_mce.js" in "moodle source: source-is-missing lib/editor/tinymce/tiny_mce/3.5.10/plugins/advimage/langs/en_dlg.js": Moodle _does_ ship (modified) sources. * debian/rules, debian/control: don't use TCPDF library as shipped with moodle (tcpdf_php5 TCPDF 5.9.133 MDL-29283, see lib/tcpdf/readme_moodle.txt), but php-tcpdf as shipped with Debian (6.0.048+dfsg-2~bpo70+1 in wheezy-backports, 6.0.093+dfsg-1 in jessie): create symlink /usr/share/moodle/lib/tcpdf -> /usr/share/php/tcpdf. NB: the file lib/tcpdf/include/sRGB.icc does not allow modification. * debian/source/lintian-overrides: Moodle _does_ ship source of files lib/yuilib/3.15.0/datatype-date-format/lang/datatype-date-format* and other 3.15.0 and 2in3/2.9.0/build files. * debian/source/lintian-overrides: Moodle _does_ ship source of file AMFTester.swf in amf/testclient/AMFTester.mxml. * debian/rules: do not install the Flowplayer video player from Flowplayer Ltd (http://flash.flowplayer.org/): source is missing. * debian/docs: remove tags.txt: only relevant for developers. * debian/control: add myself to uploaders. * debian/control: checked for policy 3.9.6, no changes necessary. Checksums-Sha1: 4366305e765634e8da8309fb557dea2b5eb365e6 1718 moodle_2.7.5+dfsg-1.dsc 647df4fd6f89ebcaa7cc56f94631c4f6ff806350 34949352 moodle_2.7.5+dfsg.orig.tar.gz d271602b083edb3fd761b3cacd922ac1d7895ff0 72216328 moodle_2.7.5+dfsg-1.debian.tar.xz a1deecf1a44f92c75a760ccdc271a63209053bea 15868080 moodle_2.7.5+dfsg-1_all.deb Checksums-Sha256: 1cdc7e90aaf3f4e26f236946d6c158897c251a38b37fc94667dc3f1c55de6c9e 1718 moodle_2.7.5+dfsg-1.dsc 17649f9478046e88fd2ae96e82570aa93cfffeb0a436a0d4b82be42b5c8e76fd 34949352 moodle_2.7.5+dfsg.orig.tar.gz 7e77aa4c49813736ded956afa51d88b834abc30220a256cf07637d020c596307 72216328 moodle_2.7.5+dfsg-1.debian.tar.xz 0678ca184174d5ba4cdbf48bb4604255a145385410582e6056277fcd4a4339e7 15868080 moodle_2.7.5+dfsg-1_all.deb Files: e922c36bbe29d9d07380b76928d2f5ec 1718 web optional moodle_2.7.5+dfsg-1.dsc 16432cc224f62d70bd000a59484a8310 34949352 web optional moodle_2.7.5+dfsg.orig.tar.gz 4c66ad2d8d47ec9808445546387e9fc7 72216328 web optional moodle_2.7.5+dfsg-1.debian.tar.xz 1402cf8e887405cb155ff2a7ce8929c7 15868080 web optional moodle_2.7.5+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUzz23AAoJEDNRenKl5rDI7WgH/328SEKnWYsn4teCI90vqxWA vYBccflxD7FnTmRBJPIzhKdlBUytgj3AS9+iu6HT0oTlUTr9qs+yIxnpzIuZyB7S ualUU+nHuaXxbPPu9/m7Ax9x/ankdzk05Y5O0t5EqxSS47qWEwRzEdZw0XaHKgOz H5f4X839CrhxmmbGYtANN9fBrIX5rXn9o0xfa+RaWbZU7Is29r04b42Rt31EsIwf gUyTvbMGfZDQIOhEecjHM/T89QrWYmYKsnXOoKOXgnp59IINaPXHsfQ24PrYnzS2 gL0E0c5Kl+INNR9sIdji8bJdIGGTjCeVNwZyMYjDoX7VVSjMGSS1ywrReHfMfSE= =novt -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1yiddz-00059g...@franck.debian.org