lp:ubuntu/intrepid-updates/moodle
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/moodle
Recent revisions
- 22. By Kees Cook
* SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier.
- CVE-2008-4796_snoopy.dpatch: did not escape shell characters when
using https (MSA-09-0003).
- msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via
calendar export errors.
- CVE-2007-3215_phpmailer.dpatch: escape sender email address when
calling sendmail.
- html2text-update.dpatch: html cleaning improved (MSA-08-0026,
CVE-2008-5619).
- CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes
list (MSA-08-0022).
- msa080010_hotpot.dpatch: block SQL injections in HotPot reports
(MSA-08-0010, CVE-2008-6124).
- msa080004_install.dpatch: stop XSS in unconfigured installs.
- msa08003_login-as.dpatch: correctly validate permissions when attempting
to switch users.
- msa080015_deleted-user-profiles.dpatch: do not display deleted user
profiles.
- msa080021_text-cleaning.dpatch: stop XSS in certain string format
situations.
- msa080023_message-csrf.dpatch: require sessionkey for instant messages
to stop CSRF.
- mdl11759_group-creation.dpatch: stop XSS in group creation.
- MDL-9288_mnet.dpatch: correctly escape users' names in mnet.
- MDL-11857_restore.dpatch: stop SQL injection from restore.
- mdl12079_essayquestions.dpatch: block XSS in essay questions.
- mdl12793_PARAM_HOST.dpatch: block XSS in host parameter.
- mdl14806_wiki-params.dpatch: block XSS in wiki parameters.
- msa090001.dpatch: allow removal of deleted-user pictures.
- msa090002.dpatch: block access to deleted-user pictures.
- msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502).
- msa090007{,_cleanup-prep}.dpatch: add more input validation to
prevent XSS via inputs (CVE-2009-0500).
- msa090008.dpatch: add session key to forum actions to stop CSRF
(CVE-2009-0499).
- CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file
inclusion (MSA-09-0009, CVE-2009-1171).
* SECURITY UPDATE: Smarty template processor security fixes.
- smarty_dollar_sign.dpatch: stop php execution via templates
(CVE-2008-4810, CVE-2008-4811).
- smarty_math_backticks.dpatch: stop backtick processing in math
expressions (CVE-2009-1669).
* SECURITY UPDATE: remove unsafe and unused SpellChecker extension.
- debian/rules: remove SpellChecker (CVE-2008-5153).
- 21. By Kees Cook
* SECURITY UPDATE: arbitrary code execution via multiple vectors.
- Add CVE-2008-1502.dpatch: upstream KSES lib fixes, thanks to Nico Golde.
- 20. By Oliver Grawert
* Merge from debian unstable, remaining changes:
- Suggest php5-ldap
- Modify Maintainer value to match Debian-Maintainer-Field Spec
- debian/postinst ucf fixes
- drop use of wwwconfig (database code in postinst stolen from mythtv)
- 19. By Steve Langasek
debian/postinst: ... except we should explicitly pass --debconf-ok
to ucf, for compatibility with older versions.
- 18. By Steve Langasek
debian/postinst: Only call db_stop after ucf has been run in
handle_config(), since ucf itself uses debconf; and drop the
"exec 0<&1" workaround which no longer matters. LP: #203844
- 17. By Matt Oquist
Package changed to avoid use of wwwconfig; borrowed database setup code
from Ubuntu mythtv package.
- 16. By Vincent Legout
* Merge from Debian unstable. Remaining Ubuntu changes:
- Depends on postgresql-client
- Suggest php5-ldap
- Modify Maintainer value to match Debian-Maintainer-Field Spec
- 15. By Luca Falavigna
* Merge from debian unstable, remaining changes:
- Depends on postgresql-client
- Suggest php5-ldap
- Set apache2 as default in debian/templates
- Update Maintainer field in debian/control
- 14. By Luca Falavigna
* Switch back to postgresql-client and postgresql (LP: 110054)
* Suggest php5-ldap (LP: 107713)
- 13. By Arthur Loiret
* Merge from Debian unstable. Remaining Ubuntu changes:
+ debian/control:
- php5 by default.
- Add postgresql-client-8.1 to Depends.
- Update Recommends alternate to postgresql-8.1.
+ debian/templates: Ensure the default corresponds to the install-
time dependencies (apache2).
* Modify Maintainer value to match Debian-Maintainer-Field Spec
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/moodle