thank you. moodle is most excellent.md On Wed, Feb 25, 2009 at 8:40 PM, Launchpad Bug Tracker < [email protected]> wrote:
> This bug was fixed in the package moodle - 1.9.4.dfsg-0ubuntu1 > > --------------- > moodle (1.9.4.dfsg-0ubuntu1) jaunty; urgency=low > > * Merge with Debian git (Closes LP: #322961, #239481, #334611): > - use Ubuntu's smarty lib directory for linking > - use internal yui library > - add update-notifier support back in > > [Matt Oquist] > * renamed prerm script > * significantly rewrote postinst and other maintainer scripts to improve > user experience and package maintainability > (Closes LP: #225662, #325450, #327843, #303078, #234609) > > moodle (1.9.4.dfsg-1) UNRELEASED; urgency=low > > * New Upstream Version (closes: #475535, #514284, #515823) > (added notes/ and tag/ to debian/install) > * Merge with Ubuntu: > - drop use of wwwconfig (closes: #389502, #302205) > - debian/postinst: ucf fixes (fixes a hang) > > * Remove preinst (no more direct upgrades from sarge) > * Remove PHP4 support from the Apache config file we provide > * Drop support for apache 1.x and remove from debconf > * Add swedish debconf translation (closes: #511202) > > * Bump debhelper compatibility to 7 > * Add lintian overrides for known customised libraries > * Add new license files to delete (lintian warning) > * Compress the deb with bzip2 > * Add a watch file > * Update copyright file > > Dependencies: > * Depend on libjs-yui instead of yui (renamed after lenny) > * Add dependency on unzip > * Recommend php5-xmlrpc and aspell > * Suggest clamav > * Demoted mimetex to recommended > > Generated config: > * Turn 'dbpersist' on by default in the generated config.php > * Include whitespace warning at the end of generated config.php > * Set the path to du, unzip and zip > > moodle (1.8.2.dfsg-4) unstable; urgency=high > > * Improve the fix for log URL filtering as suggested by Steffen Joeris > (MSA-09-0007 / CVE-2009-0500) > * Backport upstream fix for calendar export leakage > (MSA-09-0006 / CVE-2009-0501) > > moodle (1.8.2.dfsg-3) unstable; urgency=high > > * Delete unused (but vulnerable) Spellchecker plugin to htmlarea > (MSA-09-0005, CVE-2008-5153) > * Hide images of deleted users (MSA-09-0001) > * Fix user pix disclosure (MSA-09-0002) > * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004) > * Fix XSS vulnerabilities in logs (MSA-09-0007) > * Fix CSRF vulnerability in forum code (MSA-09-0008) > > moodle (1.8.2.dfsg-2) unstable; urgency=high > > [ Dan Poltawski ] > * Patch SQL injection bug in hotpot module (MSA-08-0010) > * Fix XSS bug in logged urls (MDL-11414) > * Fix XSS bug in install script (MSA-08-0004) > * Fix insufficient access control in Login as feature (MSA-08-0003) > * Profiles of deleted users were accessible allowing for spam > (MSA-08-0015) > * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021) > * Fix CSRF in messaging settings (MSA-08-0023) > * Fix anonymous group creation and html injection (MDL-11759) > * Fix SQL injection bug in mnet (MDL-9288) > * Fix SQL injection bug in restore (MDL-11857) > * Insufficient cleaning of essay questions (MDL-12079) > * Fix insufficient cleaning of PARAM_HOST (MDL-12793) > * Fix XSS bug in logged urls (MDL-11414) > * Fix uncleaned params in wiki (MDL-14806) > > [ Francois Marier ] > * Update html2text to prevent code execution attacks (closes: #508909) > > moodle (1.8.2.dfsg-1) unstable; urgency=high > > * Replace html2text with a GPL alternative (closes: #507947) > * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593) > * Add Dan Poltawski to the uploaders field > > moodle (1.8.2-2) unstable; urgency=high > > * Adopt orphaned package (closes: #494642) > * Acknowledge security NMU (closes: #489533, #432264) > * Add Vcs-* fields to debian/control > > Release-critical and security bugs: > > * Depend on smarty instead of using the embedded copy that is shipped > with Moodle (closes: #471158, #488525, #504345) > * Patch security bug in the embedded (and customised) copy of phpmailer > (CVE-2007-3215, closes: #429339, #429190) > * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492) > * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) > * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069) > > Trivial bug fixes: > > * Depend on zip (closes: #408995) > * Add mysql-client as an alternative to postgresql-client > (closes: #417554, #469094) > * Recommend php5-ldap (closes: #425839) > * Delete unnecessary script with bashisms (closes: #489634) > > Lintian warnings: > > * Bump Standards-Version to 3.8.0 > * Add homepage field to debian/control > * Remove cvsignore file > * Remove extra license file > * Depend on yui instead of using an embedded copy > > moodle (1.8.2-1.3) unstable; urgency=high > > * Non-maintainer upload by the Security Team. > * Fix broken HTML filtering which could be used to perform XSS attacks, > bypass restrictions or possibly execute arbitrary code > (CVE-2008-1502; Closes: #489533). > > -- Jordan Mantha <[email protected]> Wed, 25 Feb 2009 15:16:22 > -0800 > > ** Changed in: moodle (Ubuntu) > Status: Triaged => Fix Released > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2007-3215 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-1502 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-3326 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-4796 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-5153 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2008-5432 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2009-0500 > > ** CVE added: http://www.cve.mitre.org/cgi- > bin/cvename.cgi?name=2009-0501 > > -- > [MASTER] package moodle failed to install/upgrade: grep: > /etc/postgresql///pg_hba.conf: No such file or directory > https://bugs.launchpad.net/bugs/225662 > You received this bug notification because you are a direct subscriber > of a duplicate bug. > -- Mark Derr 4245 Sheridan Avenue Miami Beach, Florida 33140 305-534-2604 (phone) 305-534-0501 (cellular phone) -- [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory https://bugs.launchpad.net/bugs/225662 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
