Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

[Jordon Bedwell <jordon@envygeeks.com>]

On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote:
> The problem here appears to be the jump to the new upstream version
> (1.8.2 to 1.8.13), which has a different dependency set.  New
> upstreams are usually disallowed in security uploads.  The question
> is why was that OK in this case, rather than the standard backporting
> approach?

Perhaps there was more to this "security problem" than they're telling
us? Something we would need to figure out by checking upstream?  The
only way to find out for sure is if we forward this thread to the
package maintainer and ask him to speak out about what is going on.