Debian Bug report logs - #601865
unblock: moodle/1.9.9.dfsg2-2

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Tomasz Muras <nexor1984@gmail.com>

Date: Sat, 30 Oct 2010 12:21:01 UTC

Severity: normal

Done: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601865; Package release.debian.org. (Sat, 30 Oct 2010 12:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tomasz Muras <nexor1984@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 30 Oct 2010 12:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Tomasz Muras <nexor1984@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: moodle/1.9.9.dfsg2-2
Date: Sat, 30 Oct 2010 13:18:24 +0100
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock


Please unblock package moodle

This version contains only updated translations and security 
patches ported from the latest upstream release: 1.9.10.

unblock moodle/1.9.9.dfsg2-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601865; Package release.debian.org. (Sun, 31 Oct 2010 15:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 31 Oct 2010 15:39:02 GMT) Full text and rfc822 format available.

Message #10 received at 601865@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Tomasz Muras <nexor1984@gmail.com>, 601865@bugs.debian.org
Subject: Re: Bug#601865: unblock: moodle/1.9.9.dfsg2-2
Date: Sun, 31 Oct 2010 15:37:10 +0000
On Sat, 2010-10-30 at 13:18 +0100, Tomasz Muras wrote:
> Please unblock package moodle
> 
> This version contains only updated translations and security 
> patches ported from the latest upstream release: 1.9.10.

Are these:

+     - Added patch for MDL-24523:
+       clean_text() not filtering text in markdown format
[...]
+     - Added patch for MDL-24258:
+       students can delete their forum posts later than $CFG->maxeditingtime 
+       under certain conditions
+     - Added patch for MDL-23377:
+       Can't delete quiz attempts in course without enrolled students

really security fixes?  They don't obviously seem to correspond to any
of the items listed on http://moodle.org/security/ ; unfortunately both
the Moodle issue tracker and the archives of the security announcement
list appear to be restricted.

(On a side note, embedded libraries suck, particularly when the updates
to them contain loads of whitespace changes and code rearrangement).

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601865; Package release.debian.org. (Sun, 31 Oct 2010 16:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tomasz Muras <nexor1984@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 31 Oct 2010 16:54:03 GMT) Full text and rfc822 format available.

Message #15 received at 601865@bugs.debian.org (full text, mbox):

From: Tomasz Muras <nexor1984@gmail.com>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 601865@bugs.debian.org
Subject: Re: Bug#601865: unblock: moodle/1.9.9.dfsg2-2
Date: Sun, 31 Oct 2010 16:51:20 +0000
On 31/10/10 15:37, Adam D. Barratt wrote:
> On Sat, 2010-10-30 at 13:18 +0100, Tomasz Muras wrote:
>> Please unblock package moodle
>> 
>> This version contains only updated translations and security 
>> patches ported from the latest upstream release: 1.9.10.
> 
> Are these:
> 
> +     - Added patch for MDL-24523:
> +       clean_text() not filtering text in markdown format
> [...]
> +     - Added patch for MDL-24258:
> +       students can delete their forum posts later than $CFG->maxeditingtime 
> +       under certain conditions
> +     - Added patch for MDL-23377:
> +       Can't delete quiz attempts in course without enrolled students
> 
> really security fixes?  They don't obviously seem to correspond to any
> of the items listed on http://moodle.org/security/ ; unfortunately both
> the Moodle issue tracker and the archives of the security announcement
> list appear to be restricted.

That is correct. All those 3 patches are security fixes, although marked
as minor by Moodle. I think this is the reason for not putting them on
http://moodle.org/security.

> (On a side note, embedded libraries suck, particularly when the updates
> to them contain loads of whitespace changes and code rearrangement).

I know - I have even created a minimal patch but in the end I've dropped
it. I think it's safer to create a patch to get in the exactly the same
code as upstream library. They know their code much better than I ever will.

Tomek




Reply sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
You have taken responsibility. (Mon, 01 Nov 2010 18:57:11 GMT) Full text and rfc822 format available.

Notification sent to Tomasz Muras <nexor1984@gmail.com>:
Bug acknowledged by developer. (Mon, 01 Nov 2010 18:57:11 GMT) Full text and rfc822 format available.

Message #20 received at 601865-done@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Tomasz Muras <nexor1984@gmail.com>, 601865-done@bugs.debian.org
Subject: Re: Bug#601865: unblock: moodle/1.9.9.dfsg2-2
Date: Mon, 01 Nov 2010 18:53:31 +0000
On Sun, 2010-10-31 at 16:51 +0000, Tomasz Muras wrote:
> On 31/10/10 15:37, Adam D. Barratt wrote:
> > Are these:
> > 
> > +     - Added patch for MDL-24523:
> > +       clean_text() not filtering text in markdown format
> > [...]
> > +     - Added patch for MDL-24258:
> > +       students can delete their forum posts later than $CFG->maxeditingtime 
> > +       under certain conditions
> > +     - Added patch for MDL-23377:
> > +       Can't delete quiz attempts in course without enrolled students
> > 
> > really security fixes?  They don't obviously seem to correspond to any
> > of the items listed on http://moodle.org/security/ ; unfortunately both
> > the Moodle issue tracker and the archives of the security announcement
> > list appear to be restricted.
> 
> That is correct. All those 3 patches are security fixes, although marked
> as minor by Moodle. I think this is the reason for not putting them on
> http://moodle.org/security.

Also potentially a reason for not including them... unblocked.

Regards,

Adam





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 30 Nov 2010 07:34:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 08:53:22 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.