lp:ubuntu/vivid/moodle
- Get this branch:
- bzr branch lp:ubuntu/vivid/moodle
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 42. By Joost van Baal
-
* debian/README.Debian: add authors and dates, in order to make status more
clear.
* debian/watch: (trying to) get it working again, with revamped moodle.org website.
* debian/changelog: add even more CVE-numbers to entry 2.7.5+dfsg-1.
* For the record, https://security-tracker.debian.org/tracker/CVE-2013-3630
will not get fixed: it's not a bug: the attack can only get launched by an
administrator, and administrators need to be trusted. See also Debian
bug #775842.
* Fix CVE-2014-4172 and CVE-2014-2054:
- debian/rules, debian/control: don't use CAS client library as shipped with
moodle (unchanged phpCAS 1.3.3, see upstream auth/cas/CAS/moodle_readme.txt)
but php-cas as shipped with Debian (1.3.3-1 and 1.3.1-4+deb7u1); create
symlinks /u/s/m/auth/cas/CAS/CAS.php -> /usr/share/php/CAS.php
and /u/s/m/auth/cas/CAS/CAS -> /usr/share/php/CAS/ . This fixes CVE-2014-4172.
- debian/rules: remove /u/s/m/lib/phpexcel from binary package. Remove
lib/phpexcel/PHPExcel/Shared/OLE* from upstream sources. This fixes both a
license problem and a security problem: Although the PHP license is generally
agreed to be DFSG-free, using it as a license on anything that isn't PHP
itself makes the result non-free. PHP OLE is licensed under the PHP license.
Older versions of PHP Excel, such as the one shipped with moodle, suffer from
security problem CVE-2014-2054. See also Debian Bug #718585 "RFP: php-excel".
This closed Debian bug "Multiple security issues"; thanks Moritz Muehlenhoff,
Thijs Kinkhorst and Hubert Chathi (Closes: #775842)
- 41. By Joost van Baal
-
* debian/README.Debian: add notes on upgrading.
* debian/TODO: added.
* debian/changelog: add CVE-number to previous entry.
- 40. By Joost van Baal
-
New upstream security release:
Moodle 2.7.5 release notes, Release date: 2 February, 2015: "A number of
security related issues were resolved. Details of these issues will be released
after a period of approximately one week to allow system administrators to
safely update to the latest version." "Here is the full list of fixed issues in 2.7.5:
https://tracker.moodle.org/issues/?jql=project+%3D+mdl+AND+resolution+%3D+fixed+AND+fixVersion+in+%28%222.7.5%22%29+ORDER+BY+priority+DESC"
See also https://docs.moodle.org/dev/Moodle_2.7.5_release_notes .
- 37. By Thijs Kinkhorst
-
* New upstream release.
* Do install tcpdf lib, which is now required by core Moodle.
- 36. By Thijs Kinkhorst
-
* New upstream release, fixing security issues:
- MSA-14-0001 Config passwords visibility issue [CVE-2014-0008]
- MSA-14-0002 Group constraints lacking in "login as" [CVE-2014-0009]
- MSA-14-0003 CSRF vulnerability in profile fields [CVE-2014-0010]
* Move /var/lib/moodle directory into package.
* Revert back to bundled yui3. Unfortunately, version in Debian and
of upstream are not compatible (closes: #735312).
- 35. By Thijs Kinkhorst
-
* Drop unused libjs-yui dependency (closes: #730104).
* Replace bundled yui3 with dependency on packaged libjs-yui3-min.
* Add virtual-mysql-{server,client} dependency alternatives
(closes: #732895).
* Change owner of config.php from www-data to root.
* Checked for policy 3.9.5, no changes necessary.
- 33. By Thijs Kinkhorst
-
* New upstream version: 2.5.3.
- Incorporates CAS security patch.
- Fixes security issues CVE-2013-4522, CVE-2013-4523,
CVE-2013-4524, CVE-2013-4525, CVE-2013-6780.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/moodle