[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please, accept Moodle 1.4.4-3 in Sarge

On Mon, May 30, 2005 at 10:42:07PM +0200, Isaac Clerencia wrote:
> Moodle 1.4.4 has an important security bug in a "hidden" utility.

> The file delete.php is an easy way to completely delete your Moodle data, but 
> *as it is now* it can be used by a non-privileged attacker.

> The easiest proposed fix is to just don't ship the file with Moodle, as it's a 
> "hidden", not-usually-used feature.

> I've already uploaded 1.4.4.dfsg.1-3 to unstable to deal with this issue.

> Please, accept it in Sarge.


Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: