~ubuntu-branches/ubuntu/hardy/moodle/hardy-security : files for revision 21

~ubuntu-branches/ubuntu/hardy/moodle/hardy-security : (Revision 21)

Committer: Bazaar Package Importer
Author(s): Kees Cook
Date: 2009-06-19 16:50:43 UTC
Revision ID: james.westby@ubuntu.com-20090619165043-mnck6b198wf2njfy

Tags: 1.8.2-1ubuntu4.2

* SECURITY UPDATE: backported upstream fixes from Moodle 1.8.9 and earlier.
  - CVE-2008-4796_snoopy.dpatch: did not escape shell characters when
    using https (MSA-09-0003).
  - msa090006_CVE-2009-0501_calendar.dpatch: do not expose usernames via
    calendar export errors.
  - CVE-2007-3215_phpmailer.dpatch: escape sender email address when
    calling sendmail.
  - html2text-update.dpatch: html cleaning improved (MSA-08-0026,
    CVE-2008-5619).
  - CVE-2008-5432_wiki.dpatch: escape wiki titles in recent changes
    list (MSA-08-0022).
  - msa080010_hotpot.dpatch: block SQL injections in HotPot reports
    (MSA-08-0010, CVE-2008-6124).
  - msa080004_install.dpatch: stop XSS in unconfigured installs.
  - msa08003_login-as.dpatch: correctly validate permissions when attempting
    to switch users.
  - msa080015_deleted-user-profiles.dpatch: do not display deleted user
    profiles.
  - msa080021_text-cleaning.dpatch: stop XSS in certain string format
    situations.
  - msa080023_message-csrf.dpatch: require sessionkey for instant messages
    to stop CSRF.
  - mdl11759_group-creation.dpatch: stop XSS in group creation.
  - MDL-9288_mnet.dpatch: correct escape users names in mnet.
  - MDL-11857_restore.dpatch: stop SQL injection from restore.
  - mdl12079_essayquestions.dpatch: block XSS in essay questions.
  - mdl12793_PARAM_HOST.dpatch: block XSS in host parameter.
  - mdl14806_wiki-params.dpatch: block XSS in wiki parameters.
  - msa090001.dpatch: allow removal of deleted-user pictures.
  - msa090002.dpatch: block access to deleted-user pictures.
  - msa090004.dpatch: stop XSS in "login as" (CVE-2009-0502).
  - msa090007{,_cleanup-prep}.dpatch: add more input validation to
    prevent XSS via inputs (CVE-2009-0500).
  - msa090008.dpatch: add session key to forum actions to stop CSRF
    (CVE-2009-0499).
  - CVE-2009-1171.dpatch: blacklist TeX functions that allow arbitrary file
    inclusion (MSA-09-0009, CVE-2009-1171).
* SECURITY UPDATE: Smarty template processor security fixes.
  - smarty_dollar_sign.dpatch: stop php execution via templates
    (CVE-2008-4810, CVE-2008-4811).
  - smarty_math_backticks.dpatch: stop backtick processing in math
    expressions (CVE-2009-1669).
* SECURITY UPDATE: remove unsafe and unused SpellChecker extension.
  - debian/rules: remove SpellChecker (CVE-2008-5153).

Filename	Latest Rev	Last Changed	Committer	Comment	Size
..
admin	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
auth	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
backup	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
blocks	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
blog	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6
calendar	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
course	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
debian	2	20 years ago	Bazaar Package Importer	* New upstream release, closes: #252693 * Added "e
doc	1.1.10	16 years ago	Bazaar Package Importer	Import upstream version 1.8.2
enrol	1.1.1	19 years ago	Bazaar Package Importer	Import upstream version 1.4.3
error	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
files	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
filter	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
grade	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 1.5.2
group	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1
install	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6
iplookup	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6
lang	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
lib	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
login	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
message	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 1.5.2
mnet	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1
mod	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
my	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6
pix	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
question	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6
rss	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
search	1.1.8	17 years ago	Bazaar Package Importer	Import upstream version 1.7.2
sso	1.1.3	18 years ago	Bazaar Package Importer	Import upstream version 1.5.3
theme	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
user	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
userpix	1	20 years ago	Bazaar Package Importer	Import upstream version 1.3.1
config-dist.php	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1	15.6 KB
file.php	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1	6.8 KB
help.php	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1	6.9 KB
index.php	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1	12.1 KB
install.php	1.1.10	16 years ago	Bazaar Package Importer	Import upstream version 1.8.2	44.3 KB
README.txt	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 1.6	940 bytes
tags	1.1.9	17 years ago	Bazaar Package Importer	Import upstream version 1.8.1	1.1 MB
version.php	1.1.10	16 years ago	Bazaar Package Importer	Import upstream version 1.8.2	550 bytes