Bug#601865: unblock: moodle/1.9.9.dfsg2-2

[Tomasz Muras <nexor1984@gmail.com>]

On 31/10/10 15:37, Adam D. Barratt wrote:
> On Sat, 2010-10-30 at 13:18 +0100, Tomasz Muras wrote:
>> Please unblock package moodle
>> 
>> This version contains only updated translations and security 
>> patches ported from the latest upstream release: 1.9.10.
> 
> Are these:
> 
> +     - Added patch for MDL-24523:
> +       clean_text() not filtering text in markdown format
> [...]
> +     - Added patch for MDL-24258:
> +       students can delete their forum posts later than $CFG->maxeditingtime 
> +       under certain conditions
> +     - Added patch for MDL-23377:
> +       Can't delete quiz attempts in course without enrolled students
> 
> really security fixes?  They don't obviously seem to correspond to any
> of the items listed on http://moodle.org/security/ ; unfortunately both
> the Moodle issue tracker and the archives of the security announcement
> list appear to be restricted.

That is correct. All those 3 patches are security fixes, although marked
as minor by Moodle. I think this is the reason for not putting them on
http://moodle.org/security.

> (On a side note, embedded libraries suck, particularly when the updates
> to them contain loads of whitespace changes and code rearrangement).

I know - I have even created a minimal patch but in the end I've dropped
it. I think it's safer to create a patch to get in the exactly the same
code as upstream library. They know their code much better than I ever will.

Tomek