~ubuntu-branches/ubuntu/dapper/moodle/dapper-security

Viewing all changes in revision 7.

  • Committer: Bazaar Package Importer
  • Author(s): Daniel T Chen
  • Date: 2006-06-09 22:21:34 UTC
  • Revision ID: james.westby@ubuntu.com-20060609222134-sdqnl3z5bws1knge
Tags: 1.5.3+20060108-1ubuntu1.1
* [SECURITY] Fix multiple XSS and SQL injection vulnerabilities:
  - Due to a failure to properly sanitise user input, there's a
    PostgreSQL SQL injection vulnerability in
    lib/adodb/drivers/adodb-postgres64.inc.php as described in
    CVE-2006-0410. Patch applied from Debian #360395.
  - The embedded version of lib/adodb/adodb-pager.inc.php is
    susceptible to XSS as described in CVE-2006-0806. Patch applied
    from Debian #360396.
* References:
  http://bugs.debian.org/360395, CVE-2006-0410;
  http://bugs.debian.org/360396, CVE-2006-0806.
* debian/:
  - postinst: Handle the upgrade path from any previous packaging
    revision in Breezy and Dapper that depends on apache2 but
    mistakenly uses apache in the debconf template.
  - templates: Use apache2 by default since, well, that's what the
    dependency prefers. Now Moodle actually installs.
  (Closes: Malone #5501, Malone #47812).
