Bug#601865: unblock: moodle/1.9.9.dfsg2-2
On 31/10/10 15:37, Adam D. Barratt wrote:
> On Sat, 2010-10-30 at 13:18 +0100, Tomasz Muras wrote:
>> Please unblock package moodle
>>
>> This version contains only updated translations and security
>> patches ported from the latest upstream release: 1.9.10.
>
> Are these:
>
> + - Added patch for MDL-24523:
> + clean_text() not filtering text in markdown format
> [...]
> + - Added patch for MDL-24258:
> + students can delete their forum posts later than $CFG->maxeditingtime
> + under certain conditions
> + - Added patch for MDL-23377:
> + Can't delete quiz attempts in course without enrolled students
>
> really security fixes? They don't obviously seem to correspond to any
> of the items listed on http://moodle.org/security/ ; unfortunately both
> the Moodle issue tracker and the archives of the security announcement
> list appear to be restricted.
That is correct. All those 3 patches are security fixes, although marked
as minor by Moodle. I think this is the reason for not putting them on
http://moodle.org/security.
> (On a side note, embedded libraries suck, particularly when the updates
> to them contain loads of whitespace changes and code rearrangement).
I know - I have even created a minimal patch but in the end I've dropped
it. I think it's safer to create a patch to get in the exactly the same
code as upstream library. They know their code much better than I ever will.
Tomek
Reply to: