lp:ubuntu/intrepid-updates/moodle

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-updates/moodle

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

22. By Kees Cook

* SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier.
  - CVE-2008-4796_snoopy.dpatch: did not escape shell characters when
    using https (MSA-09-0003).
  - msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via
    calendar export errors.
  - CVE-2007-3215_phpmailer.dpatch: escape sender email address when
    calling sendmail.
  - html2text-update.dpatch: html cleaning improved (MSA-08-0026,
    CVE-2008-5619).
  - CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes
    list (MSA-08-0022).
  - msa080010_hotpot.dpatch: block SQL injections in HotPot reports
    (MSA-08-0010, CVE-2008-6124).
  - msa080004_install.dpatch: stop XSS in unconfigured installs.
  - msa08003_login-as.dpatch: correctly validate permissions when attempting
    to switch users.
  - msa080015_deleted-user-profiles.dpatch: do not display deleted user
    profiles.
  - msa080021_text-cleaning.dpatch: stop XSS in certain string format
    situations.
  - msa080023_message-csrf.dpatch: require sessionkey for instant messages
    to stop CSRF.
  - mdl11759_group-creation.dpatch: stop XSS in group creation.
  - MDL-9288_mnet.dpatch: correctly escape user names in mnet.
  - MDL-11857_restore.dpatch: stop SQL injection from restore.
  - mdl12079_essayquestions.dpatch: block XSS in essay questions.
  - mdl12793_PARAM_HOST.dpatch: block XSS in host parameter.
  - mdl14806_wiki-params.dpatch: block XSS in wiki parameters.
  - msa090001.dpatch: allow removal of deleted-user pictures.
  - msa090002.dpatch: block access to deleted-user pictures.
  - msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502).
  - msa090007{,_cleanup-prep}.dpatch: add more input validation to
    prevent XSS via inputs (CVE-2009-0500).
  - msa090008.dpatch: add session key to forum actions to stop CSRF
    (CVE-2009-0499).
  - CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file
    inclusion (MSA-09-0009, CVE-2009-1171).
* SECURITY UPDATE: Smarty template processor security fixes.
  - smarty_dollar_sign.dpatch: stop php execution via templates
    (CVE-2008-4810, CVE-2008-4811).
  - smarty_math_backticks.dpatch: stop backtick processing in math
    expressions (CVE-2009-1669).
* SECURITY UPDATE: remove unsafe and unused SpellChecker extension.
  - debian/rules: remove SpellChecker (CVE-2008-5153).

21. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via multiple vectors.
  - Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.

20. By Oliver Grawert

* Merge from debian unstable, remaining changes:
  - Suggest php5-ldap
  - Modify Maintainer value to match Debian-Maintainer-Field Spec
  - debian/postinst ucf fixes
  - drop use of wwwconfig (database code in postinst stolen from mythtv)

19. By Steve Langasek

debian/postinst: ... except we should explicitly pass --debconf-ok
to ucf, for compatibility with older versions.

18. By Steve Langasek

debian/postinst: Only call db_stop after ucf has been run in
handle_config(), since ucf itself uses debconf; and drop the
"exec 0<&1" workaround which no longer matters. LP: #203844

17. By Matt Oquist

Package changed to avoid use of wwwconfig; borrowed database setup code
from Ubuntu mythtv package.

16. By Vincent Legout

* Merge from Debian unstable. Remaining Ubuntu changes:
  - Depends on postgresql-client
  - Suggest php5-ldap
  - Modify Maintainer value to match Debian-Maintainer-Field Spec

15. By Luca Falavigna

* Merge from debian unstable, remaining changes:
  - Depends on postgresql-client
  - Suggest php5-ldap
  - Set apache2 as default in debian/templates
  - Update Maintainer field in debian/control

14. By Luca Falavigna

* Switch back to postgresql-client and postgresql (LP: 110054)
* Suggest php5-ldap (LP: 107713)

13. By Arthur Loiret

* Merge from Debian unstable. Remaining Ubuntu changes:
  + debian/control:
    - php5 by default.
    - Add postgresql-client-8.1 to Depends.
    - Update Recommends alternate to postgresql-8.1.
  + debian/templates: Ensure the default corresponds to the install-
    time dependencies (apache2).
* Modify Maintainer value to match Debian-Maintainer-Field Spec

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/moodle