
Bug#698245: unblock: moodle/2.2.3.dfsg-2.6~wheezy2



Control: retitle -1 tpu: package moodle/2.2.3.dfsg-2.6~wheezy2

(CC'ing the security team for information)

Hi Tomasz, and thanks for this upload proposal,

On Tuesday, 15 January 2013 22.35:54, Tomasz Muras wrote:
> Please unblock package moodle
> 
> I am about to get a new version of the package uploaded to
> testing-proposed-updates. The new version fixes security issues from
> the upstream release.

I will sponsor this upload once and if it gets accepted by the release team.

> diff -Nru moodle-2.2.3.dfsg/debian/changelog
> moodle-2.2.3.dfsg/debian/changelog
> --- moodle-2.2.3.dfsg/debian/changelog	2012-12-31 18:26:26.000000000 +0100
> +++ moodle-2.2.3.dfsg/debian/changelog	2013-01-15 22:29:57.000000000 +0100
> @@ -1,3 +1,17 @@
> +moodle (2.2.3.dfsg-2.6~wheezy2) testing-proposed-updates; urgency=low
> +
> +  * Backport security issues from upstream Moodle 2.2.7.
> +    * MSA-13-0009: MDL-37467 - blog posts available via RSS after
> blogging disabled
> +    * MSA-13-0007: MDL-36600 - course message sending CSRF
> +    * MSA-13-0001: MDL-37283 - lack of sanitization for google
> spellchecker +    * MSA-13-0003: MDL-36977 - moodle backup paths not
> validated properly +    * MSA-13-0002: MDL-27619 - teachers can set
> outcomes to be standard when re-editing
> +    * MSA-13-0004: MDL-33340 - activity report showing lastaccess even
> if field hidden
> +    * MSA-13-0008: MDL-36620 - guest users can access RSS feed for site
> level blogs
> +    * MSA-13-0005: MDL-35991 - open redirect issues
> +
> + -- Tomasz Muras <nexor1984@gmail.com>  Tue, 15 Jan 2013 20:43:50 +0100
> +
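
Review bot: The summary line "* Backport security issues from upstream Moodle 2.2.7." says the upload imports the issues rather than their fixes; "Backport security fixes from upstream Moodle 2.2.7." states what the entry does. The eight sub-items carry only MSA and MDL identifiers plus a symptom, so anyone tracking these problems under a different identifier has nothing to match in this entry. The header line also sets urgency=low on an entry made up entirely of security fixes, including a CSRF and open redirects; either raise it or note why low is intended.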

Please include the CVEs in the changelog entry, as done for the latest entry: 
they are important for security problems tracking. They are available in the 
mail I forwarded to you in private. (CVE-2012-6098 to CVE-2012-6106).

Please also prepare an update of Moodle 2.2.6+ for unstable to ensure that 
unstable gets the fixes targeted for Wheezy too. As unstable already diverged 
from the wheezy version, I think updating the unstable packaging to the latest 
2.2 version is safe. I will also sponsor this version (after review, of 
course).

Cheers,

OdyX

