PDA

View Full Version : moodle versions and updates


alexispellicier
01-Nov-2011, 02:18
Hello,

There is 3 versions of moodle on moodle.org: 1.9.14,2.0.5 and 2.1.2

From the education repo 1.9.13 and 2.0.2 are available.

Those versions are affected by these security issues :
-MSA-11-0038: Database injection protection strengthened
-MSA-11-0039: Wiki section vulnerability
Which are describe as serious (Moodle.org: Security news (http://moodle.org/security/))

Is there a plan to provide an update soon? Shall we better not use education repo for installing moodle?

Thank you for your advice.
ken_yap
01-Nov-2011, 03:51
You're actually better off installing Moodle from CVS from moodle.org, then you can update anytime.

PS: We are not devs and it's not certain that the packager hangs around these forums.
alexispellicier
01-Nov-2011, 05:44
I'll do that and delete the education repo from my server so I can be certain no compromise software could be install on my system.

Thank you.
lrupp
02-Nov-2011, 06:53
In such cases, just find out the one who is currently maintaining the package:
rpm -q --changelog moodle1 | less
=> have a look at the mentioned Email addresses...
And write her/him an Email requesting an update. You can also open a bug at https://bugzilla.novell.com/ about the issue.

This works much faster than asking here in the Forum, where packagers normally are not available.
DenverD
02-Nov-2011, 11:55
On 11/02/2011 02:56 PM, lrupp wrote:
>
> This works much faster than asking here in the Forum, where packagers
> normally are not available.

thanks!! for coming by...please do so more often...(try it via
nntp...looks and feels more gooder!)

--
DD
openSUSE®, the "German Automobiles" of operating systems
alexispellicier
02-Nov-2011, 13:05
This works much faster than asking here in the Forum, where packagers normally are not available.[/QUOTE]

OK thank for the tip I was wondering where I could find this information.
I'll definitively send him a mail about that issue.
lrupp
25-Nov-2011, 01:22
looking at the repos, it looks to me like the problem is fixed. So as result: trying to find the "right" channel is never easy - but at least for reaching packagers someone should better try to reach them via direct Email, opensuse-edu@opensuse.org mailinglist or (maybe) the #opensuse-edu channel on irc.freenode.net
alexispellicier
25-Nov-2011, 01:31
Indeed!
I got an answer the same day I send direct email to packager.
Thanks again.