Re: Please, accept Moodle 1.4.4-3 in Sarge

To: Isaac Clerencia <isaac@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: Please, accept Moodle 1.4.4-3 in Sarge
From: Steve Langasek <vorlon@debian.org>
Date: Mon, 30 May 2005 23:57:58 -0700
Message-id: <[🔎] 20050531065758.GU5115@mauritius.dodds.net>
Mail-followup-to: Isaac Clerencia <isaac@debian.org>, debian-release@lists.debian.org
In-reply-to: <[🔎] 200505302242.07862.isaac@debian.org>
References: <[🔎] 200505302242.07862.isaac@debian.org>

On Mon, May 30, 2005 at 10:42:07PM +0200, Isaac Clerencia wrote:
> Moodle 1.4.4 has an important security bug in a "hidden" utility.

> The file delete.php is an easy way to completely delete your Moodle data, but 
> *as it is now* it can be used by a non-privileged attacker.

> The easiest proposed fix is to just don't ship the file with Moodle, as it's a 
> "hidden", not-usually-used feature.

> I've already uploaded 1.4.4.dfsg.1-3 to unstable to deal with this issue.

> Please, accept it in Sarge.

Approved.

Thanks,
-- 
Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Please, accept Moodle 1.4.4-3 in Sarge
  - From: Isaac Clerencia <isaac@debian.org>

Prev by Date: Re: kernel updates accepted for sarge
Next by Date: xfree86 SVN trunk ready for branch merge and release
Previous by thread: Please, accept Moodle 1.4.4-3 in Sarge
Next by thread: Please push ocamlgsl 0.3.5-3 to sarge
Index(es):
- Date
- Thread