lp:ubuntu/quantal/moodle
- Get this branch:
- bzr branch lp:ubuntu/quantal/moodle
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 37. By Didier Raboud
-
* Non-maintainer upload.
* Backport multiple security issues from upstream's MOODLE_22_STABLE
branch. (Closes: #687924)
- MSA-12-0051: MDL-30792 - File upload size constraint issue
Fixes CVE-2012-4400
- MSA-12-0052: MDL-28207 - Course topics permission issue
Fixes CVE-2012-4401
- MSA-12-0053: MDL-34585 - Blog file access issue
Fixes CVE-2012-4407
- MSA-12-0054: MDL-34519 - Course reset permission issue
Fixes CVE-2012-4408
- MSA-12-0055: MDL-34368 - Web service access token issue
Fixes CVE-2012-4402 - 36. By Didier Raboud
-
* Non-maintainer upload.
* Backport multiple security issues from upstream's MOODLE_22_STABLE
branch. (Closes: #682203)
- MDL-31692 mod_lti - ensure that various mforms are used properly
Fixes CVE-2012-3389
- MDL-33916 Ensure that capabilities are checked for cached user
enrolments
Fixes CVE-2012-3388 - 35. By Didier Raboud
-
* Non-maintainer upload.
* Backport multiple security issues from upstream's MOODLE_22_STABLE
branch (Closes: #682203)
- MDL-33808 - format title on the repository instance screen
- MDL-33808 - incorrect cleaning of repository names
Both patches fix CVE-2012-3393.
- MDL-23254 Authentication : used httpswwwroot as root url during
authentication procedure where $PAGE->https_required( ) is
specified.
Fix CVE-2012-3394
- MDL-27675 - Feedback module abuses data_submitted
Fix CVE-2012-3395
- MDL-34045 fix invalid idnumber field type in cohort form
Fix CVE-2012-3396
- MDL-33466: Group restriction should hide activity even with 'show
availability' option
Fix CVE-2012-3397 - 31. By Tomasz (Tomek) Muras
-
* Backporting security fixes from Moodle 1.9.17
- MSA-12-00013 DB activtity export does not respect groups
(CVE-2012- 1155, closes: #668411) - 30. By Tomasz (Tomek) Muras
-
* Backporting security fixes from Moodle 1.9.15 and 1.9.16
(closes: #652235)
- MSA-11-0054 Personal information leak
- MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
- MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
- MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
- MSA-11-0048 Password loss issue (CVE-2011-4587)
- MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
- MSA-12-0007 Email injection prevention (CVE-2012-0796)
- MSA-12-0006 Additional email address validation (CVE-2012-0795)
- MSA-12-0005 Encryption enhancement (CVE-2012-0794)
- MSA-12-0004 Added profile image security (CVE-2012-0793)
- MSA-12-0003 Added password protection
- MSA-12-0002 Personal information leak, previously MSA-11-0040
(CVE-2011-4308 and CVE-2012-0792)
- MSA-12-0001 Recaptcha transmission consistency issue - 29. By Tomasz (Tomek) Muras
-
* Backporting security fixes from Moodle 1.9.13 and 1.9.14
- MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
- MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
- MSA-11-0024 Recaptcha images were being authenticated
from an older server (MDL-27889) (closes: #638935)
- MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
- MSA-11-0038 Database injection protection strengthened (MDL-29033)
- MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
- MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
- MSA-11-0032 MNET SSL validation issue (MDL-29148)
- MSA-11-0031 Forms API constant issue (MDL-23872)
* Make sure that smarty & yui symlinks are correct (closes: 603255,614712) - 28. By Tomasz (Tomek) Muras
-
* Backporting security fixes from Moodle 1.9.11 and 1.9.12
- MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
- MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
- MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
- MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
- MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
- MSA-11-0013 Group/Quiz permissions issue (MDL-25122)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/moodle