Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning

To: debian-devel@lists.debian.org
Subject: Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 13 Sep 2006 22:52:50 +0200
Message-id: <[🔎] slrneggrt2.6s1.jmm@inutil.org>
References: <20060911000816.654125FE0__31084.9796086133$1157936957$gmane$org@vicm3.homelinux.net>

Victor Manuel Mtz wrote:
> * Package name    : Claroline
>   Version         : 1.7.8
>   Upstream Author : Lederer Guillaume <guillaume@claroline.net>
> * URL             : http://www.claroline.net
> * License         : GPL
>   Description     : Course Management System for Online Learning
>
> Claroline is a free application based on PHP/MySQL allowing teachers or
> education organizations to create and administrate courses through the
> web.
>
> Developed from teachers to teachers, Claroline is built over sound
> pedagogical principles allowing a large variety of pedagogical setup
> including widening of traditional classroom and online collaborative
> learning.

However, it also seems to be built over unsound web programming principles
allowing a large variety of security exploits including widening of
SQL queries and online collaborative cross-site-scripting.

(CVE-2006-3257, CVE-2006-2868, CVE-2006-2284, CVE-2006-1596, CVE-2006-1595,
CVE-2006-1594, CVE-2006-0411, CVE-2005-1377, CVE-2005-1376, CVE-2005-1375,
CVE-2005-1374 and possibly more, I stopped digging deeper)

I don't think this should enter the archive.

Cheers,
        Moritz

Reply to:

Prev by Date: Paper on (debian and others) distribution managment at ASE'06
Next by Date: Re: Orphaning my packages
Previous by thread: Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning
Next by thread: Bug#386932: ITP: libxml-libxml-xpathcontext-perl -- Perl interface to libxml2's xmlXPathContext
Index(es):
- Date
- Thread