Activity log for bug #322961

Date Who What changed Old value New value Message
2009-01-29 23:10:57 Kees Cook bug added bug
2009-01-29 23:11:08 Kees Cook who_made_private kees
2009-01-29 23:12:07 Kees Cook moodle: status New Confirmed
2009-01-29 23:12:07 Kees Cook moodle: assignee ogra
2009-01-29 23:12:07 Kees Cook moodle: importance Undecided Medium
2009-01-29 23:12:07 Kees Cook moodle: statusexplanation
2009-01-29 23:12:07 Kees Cook moodle: milestone jaunty-alpha-4
2009-02-10 18:30:26 LaserJock description Binary package hint: moodle The latest moodle is needed in Jaunty to close various security bugs. Binary package hint: moodle The latest moodle is needed in Jaunty to close various security bugs. Relevant changelog entries: moodle (1.8.2.dfsg-3) unstable; urgency=high * Delete unused (but vulnerable) Spellchecker plugin to htmlarea (MSA-09-0005, CVE-2008-5153) * Hide images of deleted users (MSA-09-0001) * Fix user pix disclosure (MSA-09-0002) * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004) * Fix XSS vulnerabilities in logs (MSA-09-0007) * Fix CSRF vulnerability in forum code (MSA-09-0008) -- Francois Marier <francois@debian.org> Mon, 02 Feb 2009 19:09:10 +1300 moodle (1.8.2.dfsg-2) unstable; urgency=high [ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Fix XSS bug in logged urls (MDL-11414) * Fix XSS bug in install script (MSA-08-0004) * Fix insufficient access control in Login as feature (MSA-08-0003) * Profiles of deleted users were accessible allowing for spam (MSA-08-0015) * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021) * Fix CSRF in messaging settings (MSA-08-0023) * Fix anonymous group creation and html injection (MDL-11759) * Fix SQL injection bug in mnet (MDL-9288) * Fix SQL injection bug in restore (MDL-11857) * Insufficient cleaning of essay questions (MDL-12079) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in wiki (MDL-14806) [ Francois Marier ] * Update html2text to prevent code execution attacks (closes: #508909) -- Francois Marier <francois@debian.org> Wed, 17 Dec 2008 13:37:10 +1300 moodle (1.8.2.dfsg-1) unstable; urgency=high * Replace html2text with a GPL alternative (closes: #507947) * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593) * Add Dan Poltawski to the uploaders field -- Francois Marier <francois@debian.org> Tue, 16 Dec 2008 20:24:27 +1300
2009-02-10 18:30:26 LaserJock title merge moodle 1.8.2.dfsg-2 merge moodle 1.8.2.dfsg-23
2009-02-10 18:30:40 LaserJock title merge moodle 1.8.2.dfsg-23 merge moodle 1.8.2.dfsg-3
2009-02-10 18:32:44 LaserJock moodle: status Confirmed In Progress
2009-02-10 18:32:44 LaserJock moodle: assignee ogra laserjock
2009-02-10 18:32:44 LaserJock moodle: importance Medium High
2009-02-10 18:32:44 LaserJock moodle: milestone jaunty-alpha-4 jaunty-alpha-5
2009-02-26 01:40:07 Launchpad Janitor moodle: status In Progress Fix Released
2009-06-25 06:35:17 Launchpad Janitor branch linked lp:ubuntu/karmic/moodle