Format: 1.8
Date: Fri, 22 May 2015 10:34:59 +0200
Source: moodle
Binary: moodle
Architecture: source all
Version: 2.7.8+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <pkg-moodle-maintainers@lists.alioth.debian.org>
Changed-By: Joost van Baal-Ilić <joostvb@debian.org>
Description:
 moodle - course management system for online learning
Closes: 785591
Changes:
 moodle (2.7.8+dfsg-1) unstable; urgency=high
 .
   * New upstream security release, released 11 May 2015.  Note that the
     upstream 2.7 branch is now supported for security fixes only until
     May 2017 (LTS).
     Security issues fixed:
     - MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare
       that, Reported by Hugh Davenport, MDL-49941, CVE-2015-3174
     - MSA-15-0019: Possible phishing when redirecting to external site using
       referer header, Reported by Dingjie Yang, MDL-49179, CVE-2015-3175
     - MSA-15-0020: User fullname disclosure through account confirmation
       link, Reported by: Federico Kirschbaum, MDL-50099, CVE-2015-3176
     - MSA-15-0022: Potential XSS risk when returning text entered by student
       from Web Services, Reported by Eloy Lafuente, MDL-49718, CVE-2015-3178
     - MSA-15-0023: Suspended user is able to login when confirming email,
       Reported by Marina Glancy, MDL-50090, CVE-2015-3179
     - MSA-15-0024: User with suspended enrolment can see sections in the
       navigation tree, Reported by Alex Mitin, MDL-49788, CVE-2015-3180
     - MSA-15-0025: Capability to manage own files is not respected in Web
       Services, Reported by Juan Leyva, MDL-49994, CVE-2015-3181
     See http://www.openwall.com/lists/oss-security/2015/05/18/1 for more
     details on these fixed security issues.
     Some other fixes: MDL-48187 - Fixed problem with new items automatically
     marked as extra credit in SWM category in Gradebook; MDL-42449 - Grade
     category is preserved when duplicating a module; MDL-46746, MDL-47003,
     MDL-47002 - Atto editor HTML cleaning is less aggressive and more aware
     of special tags, especially noticeable when pasting text from Word.
     See the Moodle 2.7.8 release notes at
     https://docs.moodle.org/dev/Moodle_2.7.8_release_notes for more details.
     Thanks Salvatore Bonaccorso.  Closes: #785591
   * debian/watch: fix syntax.