Aloa,
I just noticed that moodle is not up-to-date and misses security fixes, see:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844
I presume that the maintainer will not fix this shortly because he has a lot of outdated packages, see https://www.redhat.com/archives/fedora-extras-list/2006-August/msg00564.html
Regards, Till
"TM" == Till Maas opensource@till.name writes:
TM> Aloa, I just noticed that moodle is not up-to-date and misses
TM> security fixes, see:
TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844
There's not a whole lot of information in that bug report.
I see CVE-2006-3951 as being related to this. Is there something else? Do you have a link to the moodle release information that might supply more details?
- J<
On Thursday 24 August 2006 02:10, Jason L Tibbitts III wrote:
"TM" == Till Maas opensource@till.name writes:
TM> Aloa, I just noticed that moodle is not up-to-date and misses
TM> security fixes, see:
TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844
There's not a whole lot of information in that bug report.
I see CVE-2006-3951 as being related to this. Is there something else? Do you have a link to the moodle release information that might supply more details?
The link to the release information is in the URL-Field of the bug report but I added it as a comment because it is easy to overlook - I needed to search for it though I knew it was there ;-)
Here is the information:
Changelog:
http://docs.moodle.org/en/Release_Notes#Various_fixes
----9<----
Moodle 1.5.4
21st May, 2006
(Because this release contains important security fixes, we highly advise that sites using any previous version of Moodle upgrade to this version as soon as possible.)

Various fixes
Security
* Improved kses cleaning of html SC#204
* Prevent unwanted password change here SC#225
* Fix for Secunia Advisory SA18267, plus some logging of suspicious activity.
* AdoDB tests cleanup after Secunia Advisory SA18267
* Fixed $cfg->forceloginforprofiles logic SC#207. Backported from HEAD
---->8----
I did not look into the details.
Regards, Till
Wow, May 21. Obviously something needs to be done here. I can prep a new release but I have no real way to test it. Do you happen to have a Moodle installation or were you just checking into Ignacio's packages?
- J<
On Thursday 24 August 2006 02:38, Jason L Tibbitts III wrote:
new release but I have no real way to test it. Do you happen to have a Moodle installation or were you just checking into Ignacio's packages?
I only looked through his packages, there may be more security updates missing in the list I posted on fedora-extras-list, but because of this being a webapp I looked more carefully and it was easy to spot.
Regards, Till
security@lists.fedoraproject.org