2009
moodle (1.8.2.dfsg-5) unstable; urgency=high
* Fix arbitrary file disclosure via abusing $$ in LaTeX
mode if not mimetex is used (CVE-2009-1171; Closes: #522116).
-- Francois Marier <francois@debian.org> Thu, 02 Apr 2009 18:18:02 +1300
moodle (1.8.2.dfsg-4) unstable; urgency=high
* Improve the fix for log URL filtering as suggested by Steffen Joeris
(MSA-09-0007 / CVE-2009-0500)
* Backport upstream fix for calendar export leakage
(MSA-09-0006 / CVE-2009-0501)
-- Francois Marier <francois@debian.org> Thu, 12 Feb 2009 17:27:07 +1300
moodle (1.8.2.dfsg-3) unstable; urgency=high
* Delete unused (but vulnerable) Spellchecker plugin to htmlarea
(MSA-09-0005, CVE-2008-5153)
* Hide images of deleted users (MSA-09-0001)
* Fix user pix disclosure (MSA-09-0002)
* Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
* Fix XSS vulnerabilities in logs (MSA-09-0007)
* Fix CSRF vulnerability in forum code (MSA-09-0008)
-- Francois Marier <francois@debian.org> Mon, 02 Feb 2009 19:09:10 +1300
2008
moodle (1.8.2.dfsg-2) unstable; urgency=high
[ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Fix XSS bug in logged urls (MDL-11414) * Fix XSS bug in install script (MSA-08-0004) * Fix insufficient access control in Login as feature (MSA-08-0003) * Profiles of deleted users were accessible allowing for spam (MSA-08-0015) * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021) * Fix CSRF in messaging settings (MSA-08-0023) * Fix anonymous group creation and html injection (MDL-11759) * Fix SQL injection bug in mnet (MDL-9288) * Fix SQL injection bug in restore (MDL-11857) * Insufficient cleaning of essay questions (MDL-12079) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in wiki (MDL-14806) [ Francois Marier ] * Update html2text to prevent code execution attacks (closes: #508909)
-- Francois Marier <francois@debian.org> Wed, 17 Dec 2008 13:37:10 +1300
moodle (1.8.2.dfsg-1) unstable; urgency=high
* Replace html2text with a GPL alternative (closes: #507947) * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593) * Add Dan Poltawski to the uploaders field
-- Francois Marier <francois@debian.org> Tue, 16 Dec 2008 20:24:27 +1300
moodle (1.8.2-2) unstable; urgency=high
* Adopt orphaned package (closes: #494642) * Acknowledge security NMU (closes: #489533, #432264) * Add Vcs-* fields to debian/control Release-critical and security bugs: * Depend on smarty instead of using the embedded copy that is shipped with Moodle (closes: #471158, #488525, #504345) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069) Trivial bug fixes: * Depend on zip (closes: #408995) * Add mysql-client as an alternative to postgresql-client (closes: #417554, #469094) * Recommend php5-ldap (closes: #425839) * Delete unnecessary script with bashisms (closes: #489634) Lintian warnings: * Bump Standards-Version to 3.8.0 * Add homepage field to debian/control * Remove cvsignore file * Remove extra license file * Depend on yui instead of using an embedded copy
-- Francois Marier <francois@debian.org> Fri, 07 Nov 2008 08:24:28 +1300
moodle (1.8.2-1.3) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix broken HTML filtering which could be used to perform XSS attacks,
bypass restrictions or possibly execute arbitrary code
(CVE-2008-1502; Closes: #489533).
-- Nico Golde <nion@debian.org> Sun, 20 Jul 2008 18:07:55 +0200
moodle (1.8.2-1.2) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- Japanese. Closes: #413105
- Spanish. Closes: #413779
- German. Closes: #415888
- Dutch. Closes: #425711
- Slovak. Closes: #437511
- Brazilian Portuguese. Closes: #437680
- Finnish. Closes: #468212
- Basque. Closes: #470362
- Galician. Closes: #470430
- Vietnamese. Closes: #470602
- Russian. Closes: #470790
* [Lintian] Fix format of NEWS.Debian
* [Lintian] Move debconf dependency to Pre-Depends as it is used
in the preinst script
-- Christian Perrier <bubulle@debian.org> Fri, 14 Mar 2008 07:33:53 +0100
moodle (1.8.2-1.1) unstable; urgency=low
* Non-maintainer upload from the Zurich BSP * Added dependency on postgresql-client (Closes: #431589)
-- Tobias Klauser <tklauser@access.unizh.ch> Sat, 12 Jan 2008 17:04:03 +0100
2007
moodle (1.8.2-1) unstable; urgency=low
* New upstream release, fixes security bug, closes: #432264
-- Isaac Clerencia <isaac@debian.org> Mon, 09 Jul 2007 00:24:17 +0200
moodle (1.8.1-1) unstable; urgency=low
* New upstream release * Add php5-curl | php4-curl dependency for the new network features * No longer depend on php4 and apache 1
-- Isaac Clerencia <isaac@debian.org> Fri, 15 Jun 2007 14:12:43 +0200
moodle (1.7.2-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Fri, 01 Jun 2007 12:54:59 +0200
moodle (1.7.1-1) experimental; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Wed, 24 Jan 2007 14:21:34 +0100
2006
moodle (1.7+20061215-1) experimental; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Fri, 15 Dec 2006 13:39:14 +0100
moodle (1.6.3-2) unstable; urgency=high
* Urgency high as it fixes a security bug and should enter Etch ASAP * Fix security bug in the forum module (discuss.php)
-- Isaac Clerencia <isaac@debian.org> Thu, 14 Dec 2006 14:14:27 +0100
moodle (1.6.3-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Thu, 19 Oct 2006 11:37:40 +0200
moodle (1.6.2+20060930-1) unstable; urgency=high
* Urgency high because it fixes a critical security hole * New upstream release, closes: #390294, critical security hole * Notify the user if the selected server isn't installed, select apache2 by default instead of apache, closes: #389806 * Add a configuration section for php5 in apache.conf, closes: #387609
-- Isaac Clerencia <isaac@debian.org> Sat, 30 Sep 2006 12:14:29 +0100
moodle (1.6.2-1) unstable; urgency=low
* New upstream release, closes: #387177 * Debconf translation updates/additions: * Czech, closes: #371834 * French, closes: 372713 * Portuguese, closes: #381194 * Install config-dist.php in the documentation directory, closes: #386476
-- Isaac Clerencia <isaac@debian.org> Tue, 12 Sep 2006 22:06:34 +0200
moodle (1.6.1+20060825-1) unstable; urgency=low
* New upstream release
* Moodle neither uses nor plans to use ADODB_Pager, so it's not affected by
#360396, but include patch for it anyway, just in case somebody decides to
use it out of the blue
-- Isaac Clerencia <isaac@debian.org> Fri, 25 Aug 2006 08:56:42 +0200
moodle (1.6-2) unstable; urgency=low
* Fix two problems in preinst, thanks to Jordi Mallach's workmate * Ship cron file in package instead of generating it at postinst
-- Isaac Clerencia <isaac@debian.org> Mon, 3 Jul 2006 10:25:31 +0200
moodle (1.6-1) unstable; urgency=low
* New upstream release, needs newer PHP version, so updated versioned
dependencies
-- Isaac Clerencia <isaac@debian.org> Mon, 19 Jun 2006 18:21:07 +0200
moodle (1.5.4-1) unstable; urgency=low
* New upstream release
* Depend on ucf
* Move debhelper to Build-Depends as it's used in the clean target of
debian/rules
* Add colons to debconf template short descriptions
* Bumped Standard-Versions to 3.7.2, no changes needed
-- Isaac Clerencia <isaac@debian.org> Tue, 30 May 2006 17:48:11 +0200
moodle (1.5.3+20060206-1) unstable; urgency=low
* New package created from 1.5.3+ branch, which includes several bugfixes * Allow moodle to be installed using php5 instead of php4, closes: #351298 * Changed apache | httpd to apache2-mpm-prefork | httpd
-- Isaac Clerencia <isaac@debian.org> Mon, 6 Feb 2006 09:49:09 +0100
moodle (1.5.3+20060108-2) unstable; urgency=low
* Throw cronjob output to /dev/null, closes: #349971
-- Isaac Clerencia <isaac@debian.org> Thu, 26 Jan 2006 13:01:58 +0100
moodle (1.5.3+20060108-1) unstable; urgency=low
* New package created from 1.5.3+ branch, which closes: #346509, a security bug in the ADODB code included in Moodle * Check for /usr/share/moodle/admin/cron.php existence in the cronjob, closes: #342304 * Use php4-cli instead of wget to run the cronjob, closes: #345930
-- Isaac Clerencia <isaac@debian.org> Sun, 8 Jan 2006 17:09:57 +0100
2005
moodle (1.5.3-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Mon, 21 Nov 2005 21:09:21 +0100
moodle (1.5.2-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Wed, 20 Jul 2005 15:13:41 +0200
moodle (1.5.1-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@debian.org> Tue, 12 Jul 2005 09:50:59 +0200
moodle (1.5-1) unstable; urgency=low
* New upstream release * Added Vietnamese debconf translation, closes: #312961
-- Isaac Clerencia <isaac@debian.org> Wed, 22 Jun 2005 22:18:26 +0200
moodle (1.4.4.dfsg.1-3) unstable; urgency=high
* Urgency high as this upload closes a security bug * Remove admin/delete.php on installation, fixes an important security bug
-- Isaac Clerencia <isaac@debian.org> Mon, 30 May 2005 20:45:33 +0200
moodle (1.4.4.dfsg.1-2) unstable; urgency=low
* Use find | xargs instead of rm to remove old sessions, closes: #300266
-- Isaac Clerencia <isaac@debian.org> Fri, 18 Mar 2005 18:47:32 +0100
moodle (1.4.4.dfsg.1-1) unstable; urgency=high
* Urgency high as it closes a release critical bug and fixes some security problems * New upstream release * Replaced non-free fonts with free fonts for some languages in the original tarball, closes: #298938 * Set perms for /etc/moodle/config.php to 640 instead of 644, closes: #297237 * Use new option $CFG->respectsessionsettings = true; to clean sessions and remove old sessions from /var/lib/moodle/sessions: closes: #295124 * Added cs.po debconf template translation, closes: #298208 * Remove /var/lib/moodle/ when purging
-- Isaac Clerencia <isaac@debian.org> Thu, 10 Mar 2005 01:02:48 +0100
2004
moodle (1.4.3-1) unstable; urgency=high
* Urgency high as upstream release fixes several security bugs * New upstream release * Write database creation errors and warn the user about it, closes: #285842, #285842
-- Isaac Clerencia <isaac@sindominio.net> Wed, 29 Dec 2004 00:49:52 +0100
moodle (1.4.2-2) unstable; urgency=low
* Create user before creating database in postinst
-- Isaac Clerencia <isaac@sindominio.net> Tue, 23 Nov 2004 10:55:28 +0100
moodle (1.4.2-1) unstable; urgency=high
* New upstream release * Urgency high, as this upstream release closes several security bugs * Added some extra information to README.Debian, thanks to Kevin Coyner * Added apache2 as a choice for autoconfiguration, closes: #275444
-- Isaac Clerencia <isaac@sindominio.net> Wed, 10 Nov 2004 13:18:41 +0100
moodle (1.4.1-2) unstable; urgency=medium
* Urgency medium, as it fixes the "default username" problem, which is a
www-config bug but affects lots of moodle users
* Use moodle as default database username, currently uses www-data which
causes www-config to fail to create the database
* Enabled Tex math filter and added mimetex in Depends:
* Removed an extra line from README.Debian
* Removed debian/overrides/ for lintian
-- Isaac Clerencia <isaac@sindominio.net> Sun, 24 Oct 2004 12:16:39 +0200
moodle (1.4.1-1) unstable; urgency=low
* New upstream release, closes: #270855 * /var/lib/moodle is now owned by www-data, closes: #258283 * Added README.Debian with some hints for database setup, closes: #272553, #270851
-- Isaac Clerencia <isaac@sindominio.net> Sat, 2 Oct 2004 00:37:53 +0200
moodle (1.4-1) unstable; urgency=low
* New upstream release, closes: #256218, #256219 * Switched to a file in conf.d instead of an include in http.conf * Added DirectoryIndex index.php to apache.conf file, closes: #247554
-- Isaac Clerencia <isaac@sindominio.net> Tue, 7 Sep 2004 22:07:10 +0200
moodle (1.3.3-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@sindominio.net> Mon, 19 Jul 2004 11:28:48 +0200
moodle (1.3.2-1) unstable; urgency=low
* New upstream release
-- Isaac Clerencia <isaac@sindominio.net> Mon, 19 Jul 2004 11:16:45 +0200
moodle (1.3.1-1) unstable; urgency=low
* New upstream release, closes: #252693 * Added "exec 0<&1" to postinst to fix hang when ucf asks the user
-- Isaac Clerencia <isaac@sindominio.net> Fri, 4 Jun 2004 23:45:37 +0200
moodle (1.2.1-3) unstable; urgency=low
* Added a choice to use apache-perl in addition to apache and apache-ssl * Changed back priority to Optional, because no longer depends on php4-gd2
-- Isaac Clerencia <isaac@sindominio.net> Thu, 22 Apr 2004 11:32:40 +0200
moodle (1.2.1-2) unstable; urgency=low
* Changed depends on php4-gd2 to php4-gd, closes: #243717
-- Isaac Clerencia <isaac@sindominio.net> Tue, 20 Apr 2004 23:16:47 +0200
moodle (1.2.1-1) unstable; urgency=low
* New upstream release * Added ucf for better handling of config files * Changed priority to Extra
-- Isaac Clerencia <isaac@sindominio.net> Tue, 30 Mar 2004 22:01:33 +0200
moodle (1.1.1-4) unstable; urgency=low
* Added French debconf templates translation, closes: #235572
-- Isaac Clerencia <isaac@sindominio.net> Mon, 1 Mar 2004 12:22:03 +0100
moodle (1.1.1-3) unstable; urgency=low
* Fixed debconf stuff by adding POTFILES.in, closes: #233114 Thanks to Martin Quirson. * Fixed bug in config generation that caused passwords including '$' broke the autentication * Removed moodle prefix from some debian/ files * Changed depend on debconf to misc:Depends * Updated version for debhelper build-depend to 4.1.13
-- Isaac Clerencia <isaac@sindominio.net> Tue, 17 Feb 2004 23:55:45 +0100
2003
moodle (1.1.1-2) unstable; urgency=low
* Now depends on php4-pgsql or php4-mysql not both * Added recommends for postgresql or mysql-serverl * Added documentation dir * Added wget in Depends: and changed cron.d to use wget * Fixed postinst to put the correct protocol in config.php and cron.d/moodle
-- Isaac Clerencia <isaac@sindominio.net> Thu, 27 Nov 2003 23:14:11 +0100
moodle (1.1.1-1) unstable; urgency=low
* Initial Debian Release, closes: #222475
-- Isaac Clerencia <isaac@sindominio.net> Thu, 27 Nov 2003 23:14:11 +0100