lp:ubuntu/quantal/moodle

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

37. By Didier Raboud on 2012-09-28

* Non-maintainer upload.

* Backport multiple security issues from upstream's MOODLE_22_STABLE
  branch. (Closes: #687924)
  - MSA-12-0051: MDL-30792 - File upload size constraint issue
    Fixes CVE-2012-4400
  - MSA-12-0052: MDL-28207 - Course topics permission issue
    Fixes CVE-2012-4401
  - MSA-12-0053: MDL-34585 - Blog file access issue
    Fixes CVE-2012-4407
  - MSA-12-0054: MDL-34519 - Course reset permission issue
    Fixes CVE-2012-4408
  - MSA-12-0055: MDL-34368 - Web service access token issue
    Fixes CVE-2012-4402

36. By Didier Raboud on 2012-07-23

* Non-maintainer upload.

* Backport multiple security issues from upstream's MOODLE_22_STABLE
  branch. (Closes: #682203)
  - MDL-31692 mod_lti - ensure that various mforms are used properly
    Fixes CVE-2012-3389
  - MDL-33916 Ensure that capabilities are checked for cached user
    enrolments
    Fixes CVE-2012-3388

35. By Didier Raboud on 2012-07-20

* Non-maintainer upload.

* Backport multiple security issues from upstream's MOODLE_22_STABLE
  branch (Closes: #682203)
  - MDL-33808 - format title on the repository instance screen
  - MDL-33808 - incorrect cleaning of repository names
    Both patches fix CVE-2012-3393.
  - MDL-23254 Authentication : used httpswwwroot as root url during
    authentication procedure where $PAGE->https_required() is
    specified.
    Fix CVE-2012-3394
  - MDL-27675 - Feedback module abuses data_submitted
    Fix CVE-2012-3395
  - MDL-34045 fix invalid idnumber field type in cohort form
    Fix CVE-2012-3396
  - MDL-33466: Group restriction should hide activity even with 'show
    availability' option
    Fix CVE-2012-3397

34. By Tomasz (Tomek) Muras on 2012-06-21

Don't depend on ucf during purge (closes: #678027)

33. By Tomasz (Tomek) Muras on 2012-06-16

New upstream version: 2.2.3+ (Build: 20120615)
closes: #674163

32. By Tomasz (Tomek) Muras on 2012-04-18

Fix path to cron (closes: #669229)

31. By Tomasz (Tomek) Muras on 2012-04-12

* Backporting security fixes from Moodle 1.9.17
   - MSA-12-00013 DB activtity export does not respect groups
       (CVE-2012-1155, closes: #668411)

30. By Tomasz (Tomek) Muras on 2012-02-27

* Backporting security fixes from Moodle 1.9.15 and 1.9.16
  (closes: #652235)
   - MSA-11-0054 Personal information leak
   - MSA-11-0045 Potential to masquerade through MNet (CVE-2011-4584)
   - MSA-11-0046 Insecure authentication transmission (CVE-2011-4585)
   - MSA-11-0047 Possible injection attack in Calendar (CVE-2011-4586)
   - MSA-11-0048 Password loss issue (CVE-2011-4587)
   - MSA-11-0049 Network restriction ineffective with MNet (CVE-2011-4588)
   - MSA-12-0007 Email injection prevention (CVE-2012-0796)
   - MSA-12-0006 Additional email address validation (CVE-2012-0795)
   - MSA-12-0005 Encryption enhancement (CVE-2012-0794)
   - MSA-12-0004 Added profile image security (CVE-2012-0793)
   - MSA-12-0003 Added password protection
   - MSA-12-0002 Personal information leak, previously MSA-11-0040
     (CVE-2011-4308 and CVE-2012-0792)
   - MSA-12-0001 Recaptcha transmission consistency issue

29. By Tomasz (Tomek) Muras on 2011-10-28

* Backporting security fixes from Moodle 1.9.13 and 1.9.14
    - MSA-11-0026 Fields in user upload CSV not being escaped (MDL-28360)
    - MSA-11-0025 Group names in user upload CSV not being escaped (MDL-28197)
    - MSA-11-0024 Recaptcha images were being authenticated
        from an older server (MDL-27889) (closes: #638935)
    - MSA-11-0020 Continue links in error messages can lead offsite (MDL-27464)
    - MSA-11-0038 Database injection protection strengthened (MDL-29033)
    - MSA-11-0037 Course section editing injection vulnerability (MDL-28722)
    - MSA-11-0036 Messaging refresh vulnerability (MDL-29311)
    - MSA-11-0032 MNET SSL validation issue (MDL-29148)
    - MSA-11-0031 Forms API constant issue (MDL-23872)
* Make sure that smarty & yui symlinks are correct (closes: 603255,614712)

28. By Tomasz (Tomek) Muras on 2011-05-18

* Backporting security fixes from Moodle 1.9.11 and 1.9.12
    - MSA-11-0002 Cross-site request forgery vulnerability in RSS block (MDL-18839)
    - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete (MDL-25754)
    - MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information (MDL-26189)
    - MSA-11-0011 Multiple cross-site scripting problems in media filter (MDL-26030)
    - MSA-11-0015 Cross Site Scripting through URL encoding (MDL-26966)
    - MSA-11-0013 Group/Quiz permissions issue (MDL-25122)