Ubuntu
moodle package

Branches for Hardy

Name		Status	Last Modified	Last Commit
lp:ubuntu/hardy-proposed/moodle		2 Mature	2009-11-03 13:17:08 UTC 2009-11-03	22. Depend on PostgreSQL or MySQL to ensu... Author: Jeremy Bícha Revision Date: 2009-10-24 03:08:51 UTC Depend on PostgreSQL or MySQL to ensure host database is set up before moodle configuration (Closes LP: #378726, #440098)
lp:ubuntu/hardy/moodle		1 Development	2009-06-25 06:39:39 UTC 2009-06-25	19. debian/postinst: ... except we should... Author: Steve Langasek Revision Date: 2008-03-28 01:16:24 UTC debian/postinst: ... except we should explicitly pass --debconf-ok to ucf, for compatibility with older versions.
lp:ubuntu/hardy-security/moodle		1 Development	2009-06-25 06:39:45 UTC 2009-06-25	21. * SECURITY UPDATE: backported upstrea... Author: Kees Cook Revision Date: 2009-06-19 16:50:43 UTC * SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier. - CVE-2008-4796_snoopy.dpatch: did not escape shell characters when using https (MSA-09-0003). - msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via calendar export errors. - CVE-2007-3215_phpmailer.dpatch: escape sender email address when calling sendmail. - html2text-update.dpatch: html cleaning improved (MSA-08-0026, CVE-2008-5619). - CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes list (MSA-08-0022). - msa080010_hotpot.dpatch: block SQL injections in HotPot reports (MSA-08-0010, CVE-2008-6124). - msa080004_install.dpatch: stop XSS in unconfigured installs. - msa08003_login-as.dpatch: correctly validate permissions when attempting to switch users. - msa080015_deleted-user-profiles.dpatch: do not display deleted user profiles. - msa080021_text-cleaning.dpatch: stop XSS in certain string format situations. - msa080023_message-csrf.dpatch: require sessionkey for instant messages to stop CSRF. - mdl11759_group-creation.dpatch: stop XSS in group creation. - MDL-9288_mnet.dpatch: correct escape users names in mnet. - MDL-11857_restore.dpatch: stop SQL injection from restore. - mdl12079_essayquestions.dpatch: block XSS in essay questions. - mdl12793_PARAM_HOST.dpatch: block XSS in host parameter. - mdl14806_wiki-params.dpatch: block XSS in wiki parameters. - msa090001.dpatch: allow removal of deleted-user pictures. - msa090002.dpatch: block access to deleted-user pictures. - msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502). - msa090007{,_cleanup-prep}.dpatch: add more input validation to prevent XSS via inputs (CVE-2009-0500). - msa090008.dpatch: add session key to forum actions to stop CSRF (CVE-2009-0499). - CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file inclusion (MSA-09-0009, CVE-2009-1171). * SECURITY UPDATE: Smarty template processor security fixes. - smarty_dollar_sign.dpatch: stop php execution via templates (CVE-2008-4810, CVE-2008-4811). - smarty_math_backticks.dpatch: stop backtick processing in math expressions (CVE-2009-1669). * SECURITY UPDATE: remove unsafe and unused SpellChecker extension. - debian/rules: remove SpellChecker (CVE-2008-5153).
lp:ubuntu/hardy-updates/moodle		1 Development	2009-10-24 03:08:51 UTC 2009-10-24	22. Depend on PostgreSQL or MySQL to ensu... Author: Jeremy Bícha Revision Date: 2009-10-24 03:08:51 UTC Depend on PostgreSQL or MySQL to ensure host database is set up before moodle configuration (Closes LP: #378726, #440098)