Re: Please unblock moodle_1.6.3-2

To: debian-release@lists.debian.org
Subject: Re: Please unblock moodle_1.6.3-2
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 15 Dec 2006 19:09:22 +0100
Message-id: <[🔎] slrneo5p6i.31p.jmm@inutil.org>
References: <[🔎] 200612141424.34289.isaac@debian.org>

On 2006-12-14, Isaac Clerencia <isaac@debian.org> wrote:
> I've just uploaded a new moodle version which only includes a new
> patch for a XSS security problem.

Isaac, this is the 34th security problem in Moodle since 2004. (Counting
by CVE assignments, many of them represent multiple security problems)

It's already more or less unsupportable in Sarge (AFAICT fixes for about
a dozen vulnerabilities need to be analysed, extarcted and backported,
as upstream doesn't provide clean information; this is roughly 0.5-1
man days of work)

I don't think we should repeat the mistake to include it in a stable
release again.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Please unblock moodle_1.6.3-2
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Please unblock moodle_1.6.3-2
  - From: Neil McGovern <neilm@debian.org>

References:
- Please unblock moodle_1.6.3-2
  - From: Isaac Clerencia <isaac@debian.org>

Prev by Date: mingw32 uploaded to unstable with GFDL issue #392953 resolved
Next by Date: Re: please unblock libpng 1.2.15~beta5-0
Previous by thread: Re: Please unblock moodle_1.6.3-2
Next by thread: Re: Please unblock moodle_1.6.3-2
Index(es):
- Date
- Thread