Re: Security fixes in moodle-1.8.2.dfsg-3 (please unblock)
Francois Marier wrote:
> (Please CC me on your replies, thanks!)
>
> Hello,
>
> Moodle 1.8.8 was recently released and it fixes a number of security issues
> which are present in the current lenny moodle package.
>
> Attached is a debdiff of the -2 (in lenny) against -3. It fixes all of these
> vulnerabilities:
>
> * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
> (MSA-09-0005, CVE-2008-5153)
> * Hide images of deleted users (MSA-09-0001)
> * Fix user pix disclosure (MSA-09-0002)
> * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
> * Fix XSS vulnerabilities in logs (MSA-09-0007)
> * Fix CSRF vulnerability in forum code (MSA-09-0008)
>
> After talking to the testing security team, I have uploaded this package to
> unstable with the hope that it will be unblocked for lenny.
unblocked
Cheers
Luk
Reply to: